Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report eLN6jfk9iT

Overview

General Information

Sample Name:eLN6jfk9iT (renamed file extension from none to dll)
Analysis ID:353906
MD5:8e952d2186e946cfa1122595c17f4c7d
SHA1:6f42c15c43497b79ce5e0ebb61bb68a8649d9bd7
SHA256:a5751a46768149c5ddf318fd75afc66b3db28a5b76254ee0d6ae27b21712e266
Tags:dll

Most interesting Screenshot:

Detection

Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Connects to many different private IPs (likely to spread or exploit)
Found Tor onion address
Infects executable files (exe, dll, sys, html)
Modifies existing user documents (likely ransomware behavior)
Tries to shutdown other security tools via broadcasted WM_QUERYENDSESSION
Writes many files with high entropy
Abnormal high CPU Usage
Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample execution stops while process was sleeping (likely an evasion)
Tries to load missing DLLs
Uses 32bit PE files

Classification

Startup

  • System is w10x64
  • loaddll32.exe (PID: 4736 cmdline: loaddll32.exe 'C:\Users\user\Desktop\eLN6jfk9iT.dll' MD5: 8081BC925DFC69D40463079233C90FA5)
    • regsvr32.exe (PID: 912 cmdline: regsvr32.exe /i /s C:\Users\user\Desktop\eLN6jfk9iT.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
    • cmd.exe (PID: 6116 cmdline: C:\Windows\system32\cmd.exe /c 'C:\Program Files\Internet Explorer\iexplore.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • iexplore.exe (PID: 1364 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
        • iexplore.exe (PID: 7072 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1364 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 4772 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1364 CREDAT:82946 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Multi AV Scanner detection for submitted fileShow sources
Source: eLN6jfk9iT.dllVirustotal: Detection: 20%Perma Link
Source: eLN6jfk9iT.dllReversingLabs: Detection: 15%

Exploits:

barindex
Connects to many different private IPs (likely to spread or exploit)Show sources
Source: global trafficTCP traffic: 192.168.2.148:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.149:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.146:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.147:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.140:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.141:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.144:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.145:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.142:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.143:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.159:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.157:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.158:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.151:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.152:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.150:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.155:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.156:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.153:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.154:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.126:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.247:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.127:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.248:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.124:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.245:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.125:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.246:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.128:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.249:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.129:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.240:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.122:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.243:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.123:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.244:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.120:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.241:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.121:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.242:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.97:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.137:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.96:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.138:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.99:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.135:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.98:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.136:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.139:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.250:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.130:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.251:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.91:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.90:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.93:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.133:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.254:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.92:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.134:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.95:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.131:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.252:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.94:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.132:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.253:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.104:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.225:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.105:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.226:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.102:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.223:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.103:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.224:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.108:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.229:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.109:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.106:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.227:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.107:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.228:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.100:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.221:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.101:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.222:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.220:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.115:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.236:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.116:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.237:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.113:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.234:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.114:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.235:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.119:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.117:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.238:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.118:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.239:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.111:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.232:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.112:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.233:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.230:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.110:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.231:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.203:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.204:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.201:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.202:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.207:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.208:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.205:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.206:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.200:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.209:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.214:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.215:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.212:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.213:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.218:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.219:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.216:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.217:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.210:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.211:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.39:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.38:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.42:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.41:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.44:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.43:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.46:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.45:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.48:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.47:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.40:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.28:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.27:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.29:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.31:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.30:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.33:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.32:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.35:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.34:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.37:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.36:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.17:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.16:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.19:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.18:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.20:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.22:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.21:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.24:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.23:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.26:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.25:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.11:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.10:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.13:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.12:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.15:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.14:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.0:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.2:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.1:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.180:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.181:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.8:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.7:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.9:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.4:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.3:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.6:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.5:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.86:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.85:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.88:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.87:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.89:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.184:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.185:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.80:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.182:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.183:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.82:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.188:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.81:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.189:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.84:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.186:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.83:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.187:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.191:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.192:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.190:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.75:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.74:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.77:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.76:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.79:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.78:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.195:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.196:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.193:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.194:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.71:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.199:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.70:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.73:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.197:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.72:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.198:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.64:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.63:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.66:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.168:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.65:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.169:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.68:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.67:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.69:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.162:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.163:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.160:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.161:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.60:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.166:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.167:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.62:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.164:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.61:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.165:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.170:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.49:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.53:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.52:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.55:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.179:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.54:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.57:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.56:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.59:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.58:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.173:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.174:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.171:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.172:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.177:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.178:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.51:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.175:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.50:189Jump to behavior
Source: global trafficTCP traffic: 192.168.2.176:189Jump to behavior

Compliance:

barindex
Uses 32bit PE filesShow sources
Source: eLN6jfk9iT.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Creates a directory in C:\Program FilesShow sources
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Google\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\internet explorer\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Microsoft Office\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\MSBuild\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Reference Assemblies\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Uninstall Information\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\UNP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\Services\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Google\Chrome\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\internet explorer\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\internet explorer\images\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\internet explorer\SIGNUP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Microsoft Office\Office16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\MSBuild\Microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Reference Assemblies\Microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\UNP\Logs\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\UNP\UpdateNotificationMgr\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\Filters\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\MSInfo\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\OFFICE16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\Stationery\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\TextConv\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\Triedit\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\VC\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\vgx\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\VSTO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\ado\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\msadc\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\ole db\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Google\Chrome\Application\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Microsoft Office\Office16\1033\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Microsoft Office\Office16\OneNote\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\ar-SA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\bg-BG\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\da-DK\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\de-DE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\el-GR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\en-GB\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\es-ES\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\es-MX\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\et-EE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\fi-FI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\fr-CA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\fr-FR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\he-IL\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\hr-HR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\hu-HU\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\it-IT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\ja-JP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\ko-KR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\lt-LT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\lv-LV\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\nb-NO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\nl-NL\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\pl-PL\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\pt-BR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\pt-PT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\ro-RO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\ru-RU\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\sk-SK\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\sl-SI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\sv-SE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\th-TH\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\tr-TR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\uk-UA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\zh-CN\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\zh-TW\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\OFFICE16\Cultures\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\OFFICE16\en-us\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\TextConv\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\Triedit\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\ado\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\msadc\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\ole db\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Google\Chrome\Application\85.0.4183.121\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Google\Chrome\Application\SetupMetrics\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\readme.txtJump to behavior
Creates license or readme fileShow sources
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Recovery\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Google\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\internet explorer\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Microsoft Office\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\MSBuild\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Reference Assemblies\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Uninstall Information\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\UNP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\google\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\internet explorer\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\java\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\jdownloader\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft analysis services\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft sql server\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft.net\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\mozilla firefox\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\msbuild\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\reference assemblies\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Adobe\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\dbg\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft Help\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft OneDrive\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Oracle\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\regid.1991-06.com.microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\SoftwareDistribution\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\USOPrivate\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\USOShared\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\Services\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Google\Chrome\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\internet explorer\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\internet explorer\images\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\internet explorer\SIGNUP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Microsoft Office\Office16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\MSBuild\Microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Reference Assemblies\Microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\UNP\Logs\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\UNP\UpdateNotificationMgr\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Aut2Exe\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Examples\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Icons\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Include\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\SciTE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\DESIGNER\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Java\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Oracle\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Services\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\system\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\google\CrashReports\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\google\Policies\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\google\Update\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\internet explorer\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\internet explorer\images\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\internet explorer\SIGNUP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\jdownloader\config\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft analysis services\AS OLEDB\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\CLIPART\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Document Themes 16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Stationery\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft sql server\110\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft.net\ADOMD.NET\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft.net\RedistList\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\mozilla firefox\plugins\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\msbuild\Microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\reference assemblies\Microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Adobe\ARM\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Adobe\Setup\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\AppV\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Crypto\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Device Stage\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\DeviceSync\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\DRM\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\IdentityCRL\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\MapData\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\MF\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\NetFramework\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Network\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\OFFICE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Search\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Settings\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\SmsRouter\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Spectrum\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Speech_OneCore\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Storage Health\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\UEV\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\User Account Pictures\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Vault\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\WDF\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\WinMSIPC\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\WwanSvc\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft OneDrive\setup\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Oracle\Java\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\USOPrivate\UpdateStore\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\USOShared\Logs\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\AppData\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Desktop\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Documents\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Downloads\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Favorites\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Links\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Music\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Pictures\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Saved Games\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Videos\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\3D Objects\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\AppData\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Contacts\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Downloads\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Favorites\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Links\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Music\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\OneDrive\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Pictures\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Recent\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Saved Games\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Searches\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Videos\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\AccountPictures\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\Desktop\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\Documents\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\Downloads\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\Libraries\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\Music\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\Pictures\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\Videos\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.en\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.es\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\Filters\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\MSInfo\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\OFFICE16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\Stationery\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\TextConv\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\Triedit\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\VC\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\vgx\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\VSTO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\ado\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\msadc\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\ole db\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Google\Chrome\Application\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Microsoft Office\Office16\1033\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Microsoft Office\Office16\OneNote\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Reference Assemblies\Microsoft\Framework\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Esl\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Resource\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Setup Files\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Aut2Exe\Icons\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\Examples\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Examples\COM\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Examples\Helpfile\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\Geshi\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\Prettify\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\SciTE\api\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\Acrobat\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\ARM\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\HelpCfg\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\Reader\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Java\Java Update\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\DAO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\DW\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\EQUATION\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\EURO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Filters\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\GRPHFLT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Help\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\ink\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\MSClientDataMgr\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\MSEnv\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\MSInfo\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\OFFICE16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\OfficeSoftwareProtectionPlatform\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Portal\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\PROOF\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Smart Tag\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Source Engine\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Stationery\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\TextConv\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\THEMES16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\TRANSLAT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Triedit\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\VBA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\VC\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\vgx\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\VSTA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\VSTO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Web Server Extensions\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Oracle\Java\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\system\ado\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\system\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\system\msadc\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\system\MSMAPI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\system\ole db\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\google\Update\1.3.35.452\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\google\Update\Download\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\google\Update\Install\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\java\jre1.8.0_211\bin\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\java\jre1.8.0_211\lib\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft analysis services\AS OLEDB\110\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\CLIPART\PUB60COR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\CLIPART\Publisher\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Document Themes 16\Theme Colors\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Document Themes 16\Theme Effects\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Document Themes 16\Theme Fonts\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\1033\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\1036\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\3082\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\AccessWeb\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\ACCWIZ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\ADDINS\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\Bibliography\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\BORDERS\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\Configuration\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\CONVERT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\DCF\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\Document Parts\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\FORMS\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\Groove\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\Library\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\LogoImages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\MEDIA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\MSIPC\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\OutlookAutoDiscover\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\PAGESIZE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\PROOF\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\PUBBA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\PUBWIZ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\QUERIES\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\SAMPLES\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\STARTUP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\XLSTART\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Stationery\1033\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft sql server\110\Shared\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft.net\ADOMD.NET\110\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\reference assemblies\Microsoft\Framework\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Adobe\ARM\Reader_19.012.20034\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Adobe\ARM\S\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\AppV\Setup\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Crypto\DSS\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Crypto\Keys\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Crypto\PCPKSP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Crypto\RSA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Crypto\SystemKeys\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Device Stage\Device\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Device Stage\Task\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\AsimovUploader\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\CustomTraceProfiles\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\ETLLogs\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\EventTranscript\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\LocalTraceStore\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\OfflineSettings\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\Scripts\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\Sideload\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\Siufloc\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\SoftLanding\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\SoftLandingStage\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\TenantStorage\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\DRM\Server\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\IdentityCRL\INT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\IdentityCRL\production\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Network\Connections\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Network\Downloader\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\OFFICE\Heartbeat\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\AssetCache\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Search\Data\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Settings\Accounts\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Speech_OneCore\SR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\UEV\Scripts\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\WinMSIPC\Server\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Oracle\Java\installcache\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\AppData\Local\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\AppData\Roaming\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\AppData\Local\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\AppData\LocalLow\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\AppData\Roaming\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\BJZFPPWAPT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\BNAGMGSPLO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\DUUDTUBZFW\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\GAOBCVIQIJ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\GIGIYTFFYT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\JDDHMPCDUJ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\LFOPODGVOH\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\NWCXBPIUYI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\PIVFAGEAAV\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\QCFWYSKMHA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\QNCYCDFIJJ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\ZQIXMVQGAH\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\BJZFPPWAPT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\BNAGMGSPLO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\DUUDTUBZFW\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\GAOBCVIQIJ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\GIGIYTFFYT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\JDDHMPCDUJ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\LFOPODGVOH\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\NWCXBPIUYI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\PIVFAGEAAV\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\QCFWYSKMHA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\QNCYCDFIJJ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\ZQIXMVQGAH\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Favorites\Links\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Pictures\Camera Roll\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\ar-SA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\bg-BG\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\da-DK\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\de-DE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\el-GR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\en-GB\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\es-ES\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\es-MX\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\et-EE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\fi-FI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\fr-CA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\fr-FR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\he-IL\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\hr-HR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\hu-HU\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\it-IT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\ja-JP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\ko-KR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\lt-LT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\lv-LV\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\nb-NO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\nl-NL\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\pl-PL\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\pt-BR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\pt-PT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\ro-RO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\ru-RU\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\sk-SK\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\sl-SI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\sv-SE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\th-TH\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\tr-TR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\uk-UA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\zh-CN\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\zh-TW\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\OFFICE16\Cultures\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\OFFICE16\en-us\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\TextConv\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\Triedit\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\ado\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\msadc\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\ole db\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Google\Chrome\Application\85.0.4183.121\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Google\Chrome\Application\SetupMetrics\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroApp\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroCEF\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AIR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\Browser\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\Javascripts\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\Legal\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\Locale\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\plug_ins\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\plug_ins3d\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\Tracker\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\UIThemes\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\WebResources\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Resource\Font\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Resource\SaslPrep\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Resource\TypeSupport\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\Examples\C++\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\Examples\VBScript\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Advanced\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Simple\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Examples\Helpfile\Extras\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\Crimson\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\Notepad++\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\PSPad\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\TextPad\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\ARM\1.0\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\HelpCfg\en_US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\Reader\DC\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\EQUATION\1033\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Help\1028\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Help\1031\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Help\1033\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Help\1036\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Help\1040\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Help\1041\readme.txtJump to behavior
Uses new MSVCR DllsShow sources
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dllJump to behavior
Uses secure TLS version for HTTPS connectionsShow sources
Source: unknownHTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.3:49984 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.3:49985 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50003 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50000 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:49999 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50004 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50001 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50002 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50043 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50042 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50044 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50045 version: TLS 1.2
Contains modern PE file flags such as dynamic base (ASLR) or NXShow sources
Source: eLN6jfk9iT.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT

Spreading:

barindex
Infects executable files (exe, dll, sys, html)Show sources
Source: C:\Windows\SysWOW64\regsvr32.exeSystem file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htmJump to behavior

Networking:

barindex
Found Tor onion addressShow sources
Source: readme.txt59.1.drString found in binary or memory: http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
Source: Joe Sandbox ViewIP Address: 151.101.1.44 151.101.1.44
Source: Joe Sandbox ViewJA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
Source: unknownDNS traffic detected: queries for: www.msn.com
Source: readme.txt59.1.drString found in binary or memory: http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
Source: ~DFA69546DD89C352E1.TMP.4.drString found in binary or memory: http://searchads.msn.net/.cfm?&&kp=1&
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.5.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.5.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.5.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
Source: ~DFA69546DD89C352E1.TMP.4.drString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
Source: ~DFA69546DD89C352E1.TMP.4.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
Source: ~DFA69546DD89C352E1.TMP.4.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
Source: readme.txt59.1.drString found in binary or memory: https://contirecovery.best
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.5.drString found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Source: ~DFA69546DD89C352E1.TMP.4.drString found in binary or memory: https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
Source: readme.txt59.1.drString found in binary or memory: https://torproject.org)
Source: ~DFA69546DD89C352E1.TMP.4.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp
Source: ~DFA69546DD89C352E1.TMP.4.drString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp3
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49686
Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49686 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
Source: unknownNetwork traffic detected: HTTP traffic on port 49694 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownHTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.3:49984 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.3:49985 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50003 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50000 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:49999 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50004 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50001 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50002 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50043 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50042 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50044 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:50045 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands:

barindex
Modifies existing user documents (likely ransomware behavior)Show sources
Source: C:\Windows\SysWOW64\regsvr32.exeFile moved: C:\Users\user\Desktop\QNCYCDFIJJ.pdfJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile moved: C:\Users\user\Desktop\QCFWYSKMHA.jpgJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile moved: C:\Users\user\Desktop\EWZCVGNOWT.pngJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile moved: C:\Users\user\Desktop\BNAGMGSPLO.jpgJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile moved: C:\Users\user\Desktop\GAOBCVIQIJ.xlsxJump to behavior
Writes many files with high entropyShow sources
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\AutoIt.chm entropy: 7.99994137315Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\NTUSER.DAT entropy: 7.99931936609Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\NTUSER.DAT.LOG1 entropy: 7.99680932409Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf entropy: 7.99713023193Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms entropy: 7.99968952203Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms entropy: 7.99963746774Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab entropy: 7.99998471693Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms entropy: 7.99969335632Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab entropy: 7.99999895342Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPsWW2.cab entropy: 7.9999985638Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\Setup.xml entropy: 7.99320801017Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab entropy: 7.99993406973Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab entropy: 7.99993976794Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab entropy: 7.9998149286Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab entropy: 7.99981643764Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\WordLR.cab entropy: 7.99996776123Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab entropy: 7.99981624156Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\DCFMUI.cab entropy: 7.99970848144Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab entropy: 7.99997568572Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab entropy: 7.99978752159Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\OSMMUI.cab entropy: 7.99031176726Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\OSMUXMUI.cab entropy: 7.99981988596Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\branding.xml entropy: 7.99948133455Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab entropy: 7.99997283181Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\setup.chm entropy: 7.99763552872Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab entropy: 7.99983526297Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\LyncMUI.cab entropy: 7.99984382407Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\UNP\Logs\UpdateNotificationPipeline.001.etl entropy: 7.99870966639Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.chm entropy: 7.9991716044Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.psd1 entropy: 7.99331487482Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.Assembly.xml entropy: 7.99669930606Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_DLL.lib entropy: 7.99407606021Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_x64_DLL.lib entropy: 7.99326607801Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Icons\au3.ico entropy: 7.99348999222Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Icons\au3script_v10.ico entropy: 7.99758318559Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Icons\au3script_v11.ico entropy: 7.99560181848Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Icons\au3script_v9.ico entropy: 7.99244663512Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Icons\filetype-blank.ico entropy: 7.99374174608Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\APIErrorsConstants.au3 entropy: 7.99941566265Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\APIFilesConstants.au3 entropy: 7.99420270053Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\APIShellExConstants.au3 entropy: 7.99290488748Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\Array.au3 entropy: 7.99759026192Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\ArrayDisplayInternals.au3 entropy: 7.99376850499Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\Crypt.au3 entropy: 7.99285176373Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\CUIAutomation2.au3 entropy: 7.99664987246Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\Date.au3 entropy: 7.9978864521Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\Debug.au3 entropy: 7.99325728192Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\EventLog.au3 entropy: 7.99441645465Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\Excel.au3 entropy: 7.99672643116Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\ExcelConstants.au3 entropy: 7.99037502713Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\File.au3 entropy: 7.99554230557Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\FTPEx.au3 entropy: 7.99569666033Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GDIPlus.au3 entropy: 7.99943273606Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GDIPlusConstants.au3 entropy: 7.99360222643Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiButton.au3 entropy: 7.99426151987Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiComboBox.au3 entropy: 7.99532958798Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiComboBoxEx.au3 entropy: 7.99544679021Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiEdit.au3 entropy: 7.9967222681Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiHeader.au3 entropy: 7.99629890021Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiImageList.au3 entropy: 7.99420138516Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiListBox.au3 entropy: 7.99613590935Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiListView.au3 entropy: 7.9991791256Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiMenu.au3 entropy: 7.99685855045Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiMonthCal.au3 entropy: 7.99567881302Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiReBar.au3 entropy: 7.99728417678Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiRichEdit.au3 entropy: 7.99910817944Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiScrollBars.au3 entropy: 7.99277386861Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiSlider.au3 entropy: 7.99333436924Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiStatusBar.au3 entropy: 7.99429745224Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiTab.au3 entropy: 7.99605911838Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiToolbar.au3 entropy: 7.99785405671Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiToolTip.au3 entropy: 7.99569839871Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\GuiTreeView.au3 entropy: 7.99857206826Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\helper.au3 entropy: 7.99091958265Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\ie.au3 entropy: 7.99889850964Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\ListViewConstants.au3 entropy: 7.9922459021Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\Memory.au3 entropy: 7.99035807758Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\Misc.au3 entropy: 7.99457732756Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\NetShare.au3 entropy: 7.99614613589Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\NTSTATUSConstants.au3 entropy: 7.99923851102Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\PowerPoint.au3 entropy: 7.99679024354Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\Sound.au3 entropy: 7.99219468988Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\SQLite.au3 entropy: 7.99726435476Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\StructureConstants.au3 entropy: 7.99681619729Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\UIAWrappers.au3 entropy: 7.99826404812Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\Visa.au3 entropy: 7.99527829586Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPIConv.au3 entropy: 7.9927159875Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPIDiag.au3 entropy: 7.99365530943Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPIDlg.au3 entropy: 7.99538672992Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPIFiles.au3 entropy: 7.99823838253Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPIGdi.au3 entropy: 7.99918415189Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPIGdiDC.au3 entropy: 7.99128459921Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPIGdiInternals.au3 entropy: 7.99307299069Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPIIcons.au3 entropy: 7.99219923862Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPILocale.au3 entropy: 7.99150406391Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPIMem.au3 entropy: 7.99178427436Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPIProc.au3 entropy: 7.99743433538Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPIReg.au3 entropy: 7.99427357958Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPIRes.au3 entropy: 7.99556908284Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPIShellEx.au3 entropy: 7.99649277788Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPIShPath.au3 entropy: 7.99565978178Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPISys.au3 entropy: 7.99767274059Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPISysInternals.au3 entropy: 7.99497765865Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPISysWin.au3 entropy: 7.9965134203Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinAPITheme.au3 entropy: 7.99566619835Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WindowsConstants.au3 entropy: 7.99402189285Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\WinNet.au3 entropy: 7.99571301077Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\Include\Word.au3 entropy: 7.99464617512Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\AutoIt3\SciTE\au3.keywords.properties entropy: 7.99783335622Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Google\Update\GoogleUpdate.bk entropy: 7.99890653744Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Java\jre1.8.0_211\THIRDPARTYLICENSEREADME-JAVAFX.txt entropy: 7.99810082478Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Document Themes 16\Facet.thmx entropy: 7.99974925375Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Document Themes 16\Integral.thmx entropy: 7.99980251973Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Document Themes 16\Ion Boardroom.thmx entropy: 7.99982823841Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Document Themes 16\Ion.thmx entropy: 7.99983987596Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Document Themes 16\Office Theme.thmx entropy: 7.99947057544Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Document Themes 16\Organic.thmx entropy: 7.99995371204Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Document Themes 16\Retrospect.thmx entropy: 7.9998184366Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Document Themes 16\Slice.thmx entropy: 7.99976951564Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Document Themes 16\Wisp.thmx entropy: 7.99977324027Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\BCSClientManifest.man entropy: 7.99305164297Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\BCSEvents.man entropy: 7.99553517415Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\bdcmetadata.xsd entropy: 7.99312659018Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\CommunicatorContentBinApp.xap entropy: 7.99954238238Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\ExtensibleApp.xap entropy: 7.99778056032Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\Installed_resources16.xss entropy: 7.99978447074Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\Installed_schemas16.xss entropy: 7.99904582038Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\lync.ico entropy: 7.99898034528Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\Microsoft.Lync.Model.zip entropy: 7.99774255273Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\Microsoft.Lync.Utilities.Controls.zip entropy: 7.99356390253Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\Microsoft.Lync.Utilities.zip entropy: 7.9974782625Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\MLCFG32.CPL entropy: 7.99783329879Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\MML2OMML.XSL entropy: 7.99889707115Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\MSACC.OLB entropy: 7.99971594001Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\mscss7wre_en.dub entropy: 7.99793784169Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\mset7db.kic entropy: 7.99983847848Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\mset7en.kic entropy: 7.99985351114Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\mset7es.kic entropy: 7.99982501064Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\mset7fr.kic entropy: 7.99984576051Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\mset7ge.kic entropy: 7.99981498765Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\mset7jp.kic entropy: 7.99983303106Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\MSOCRRES.ORP entropy: 7.99998949955Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\msoutilstat.etw.man entropy: 7.99835384895Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\MSOUTL.OLB entropy: 7.99958622275Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\MSPPT.OLB entropy: 7.99955302202Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\MSPUB.TLB entropy: 7.9993409767Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\MSWORD.OLB entropy: 7.99981304193Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\MSZIP.DIC entropy: 7.99983167998Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\NativeHostAnnotationApp.xap entropy: 7.99937525641Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\NativeHostPollApp.xap entropy: 7.99809455448Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\Ocomprivate.zip entropy: 7.99832996624Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\OMML2MML.XSL entropy: 7.99760995237Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\OSPP.HTM entropy: 7.9988638778Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\OSPP.VBS entropy: 7.99844156029Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\OUTLFLTR.DAT entropy: 7.99981625556Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\REMINDER.WAV entropy: 7.99829260112Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\Resources.pri entropy: 7.99598057764Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\RSWOP.ICM entropy: 7.99931827095Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\SLERROR.XML entropy: 7.99451364916Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\Wordcnvpxy.cnv entropy: 7.99393954681Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\wordEtw.man entropy: 7.99972886974Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico entropy: 7.99291520724Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico entropy: 7.99779984861Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\OFFICE\MySite.ico entropy: 7.99350296525Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico entropy: 7.99171584188Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico entropy: 7.99291764846Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat entropy: 7.99960717669Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\User Account Pictures\guest.bmp entropy: 7.99969586616Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\User Account Pictures\user.bmp entropy: 7.99969736835Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.001.etl entropy: 7.99228267889Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl entropy: 7.99055113764Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\USOShared\Logs\UpdateUx_Temp.1.etl entropy: 7.99476045421Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab entropy: 7.99996977401Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab entropy: 7.99985997733Jump to dropped file
Source: C:\Windows\SysWOW64\regsvr32.exeProcess Stats: CPU usage > 98%
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: eLN6jfk9iT.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: classification engineClassification label: mal80.rans.spre.expl.evad.winDLL@11/852@17/100
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeMutant created: \Sessions\1\BaseNamedObjects\sjhdksuuoasjgm881998asnfj771
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Temp\~DF078E62CDF628BAA8.TMPJump to behavior
Source: eLN6jfk9iT.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\regsvr32.exeFile read: C:\Program Files\desktop.iniJump to behavior
Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: eLN6jfk9iT.dllVirustotal: Detection: 20%
Source: eLN6jfk9iT.dllReversingLabs: Detection: 15%
Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\eLN6jfk9iT.dll'
Source: unknownProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /i /s C:\Users\user\Desktop\eLN6jfk9iT.dll
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 'C:\Program Files\Internet Explorer\iexplore.exe'
Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1364 CREDAT:17410 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1364 CREDAT:82946 /prefetch:2
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /i /s C:\Users\user\Desktop\eLN6jfk9iT.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 'C:\Program Files\Internet Explorer\iexplore.exe'Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exeJump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1364 CREDAT:17410 /prefetch:2Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1364 CREDAT:82946 /prefetch:2Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile written: C:\Program Files\desktop.iniJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Google\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\internet explorer\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Microsoft Office\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\MSBuild\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Reference Assemblies\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Uninstall Information\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\UNP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\Services\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Google\Chrome\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\internet explorer\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\internet explorer\images\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\internet explorer\SIGNUP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Microsoft Office\Office16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\MSBuild\Microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Reference Assemblies\Microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\UNP\Logs\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\UNP\UpdateNotificationMgr\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\Filters\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\MSInfo\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\OFFICE16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\Stationery\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\TextConv\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\Triedit\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\VC\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\vgx\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\VSTO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\ado\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\msadc\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\ole db\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Google\Chrome\Application\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Microsoft Office\Office16\1033\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Microsoft Office\Office16\OneNote\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\ar-SA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\bg-BG\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\da-DK\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\de-DE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\el-GR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\en-GB\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\es-ES\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\es-MX\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\et-EE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\fi-FI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\fr-CA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\fr-FR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\he-IL\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\hr-HR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\hu-HU\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\it-IT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\ja-JP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\ko-KR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\lt-LT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\lv-LV\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\nb-NO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\nl-NL\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\pl-PL\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\pt-BR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\pt-PT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\ro-RO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\ru-RU\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\sk-SK\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\sl-SI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\sv-SE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\th-TH\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\tr-TR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\uk-UA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\zh-CN\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\ink\zh-TW\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\OFFICE16\Cultures\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\OFFICE16\en-us\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\TextConv\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\Triedit\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\ado\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\msadc\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Common Files\system\ole db\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Google\Chrome\Application\85.0.4183.121\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Google\Chrome\Application\SetupMetrics\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeDirectory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\readme.txtJump to behavior
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dllJump to behavior
Source: eLN6jfk9iT.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: eLN6jfk9iT.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: eLN6jfk9iT.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: eLN6jfk9iT.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: eLN6jfk9iT.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: eLN6jfk9iT.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: eLN6jfk9iT.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
Source: eLN6jfk9iT.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: eLN6jfk9iT.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: eLN6jfk9iT.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: eLN6jfk9iT.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: eLN6jfk9iT.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: eLN6jfk9iT.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: unknownProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /i /s C:\Users\user\Desktop\eLN6jfk9iT.dll

Persistence and Installation Behavior:

barindex
Infects executable files (exe, dll, sys, html)Show sources
Source: C:\Windows\SysWOW64\regsvr32.exeSystem file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htmJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Recovery\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Google\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\internet explorer\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Microsoft Office\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\MSBuild\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Reference Assemblies\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Uninstall Information\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\UNP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\google\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\internet explorer\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\java\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\jdownloader\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft analysis services\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft sql server\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft.net\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\mozilla firefox\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\msbuild\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\reference assemblies\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Adobe\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\dbg\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft Help\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft OneDrive\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Oracle\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\regid.1991-06.com.microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\SoftwareDistribution\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\USOPrivate\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\USOShared\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\Services\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Google\Chrome\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\internet explorer\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\internet explorer\images\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\internet explorer\SIGNUP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Microsoft Office\Office16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\MSBuild\Microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Reference Assemblies\Microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\UNP\Logs\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\UNP\UpdateNotificationMgr\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Aut2Exe\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Examples\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Icons\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Include\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\SciTE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\DESIGNER\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Java\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Oracle\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Services\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\system\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\google\CrashReports\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\google\Policies\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\google\Update\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\internet explorer\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\internet explorer\images\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\internet explorer\SIGNUP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\jdownloader\config\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft analysis services\AS OLEDB\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\CLIPART\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Document Themes 16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Stationery\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft sql server\110\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft.net\ADOMD.NET\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft.net\RedistList\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\mozilla firefox\plugins\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\msbuild\Microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\reference assemblies\Microsoft\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Adobe\ARM\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Adobe\Setup\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\AppV\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Crypto\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Device Stage\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\DeviceSync\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\DRM\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\IdentityCRL\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\MapData\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\MF\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\NetFramework\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Network\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\OFFICE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Search\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Settings\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\SmsRouter\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Spectrum\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Speech_OneCore\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Storage Health\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\UEV\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\User Account Pictures\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Vault\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\WDF\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\WinMSIPC\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\WwanSvc\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft OneDrive\setup\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Oracle\Java\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\USOPrivate\UpdateStore\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\USOShared\Logs\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\AppData\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Desktop\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Documents\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Downloads\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Favorites\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Links\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Music\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Pictures\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Saved Games\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\Videos\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\3D Objects\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\AppData\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Contacts\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Downloads\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Favorites\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Links\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Music\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\OneDrive\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Pictures\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Recent\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Saved Games\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Searches\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Videos\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\AccountPictures\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\Desktop\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\Documents\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\Downloads\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\Libraries\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\Music\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\Pictures\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Public\Videos\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.en\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.es\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\Filters\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\MSInfo\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\OFFICE16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\Stationery\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\TextConv\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\Triedit\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\VC\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\vgx\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\VSTO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\ado\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\msadc\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\ole db\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Google\Chrome\Application\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Microsoft Office\Office16\1033\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Microsoft Office\Office16\OneNote\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Reference Assemblies\Microsoft\Framework\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Esl\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Resource\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Setup Files\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Aut2Exe\Icons\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\Examples\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Examples\COM\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Examples\Helpfile\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\Geshi\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\Prettify\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\SciTE\api\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\Acrobat\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\ARM\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\HelpCfg\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\Reader\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Java\Java Update\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\DAO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\DW\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\EQUATION\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\EURO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Filters\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\GRPHFLT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Help\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\ink\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\MSClientDataMgr\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\MSEnv\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\MSInfo\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\OFFICE16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\OfficeSoftwareProtectionPlatform\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Portal\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\PROOF\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Smart Tag\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Source Engine\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Stationery\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\TextConv\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\THEMES16\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\TRANSLAT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Triedit\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\VBA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\VC\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\vgx\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\VSTA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\VSTO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Web Server Extensions\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Oracle\Java\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\system\ado\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\system\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\system\msadc\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\system\MSMAPI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\system\ole db\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\google\Update\1.3.35.452\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\google\Update\Download\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\google\Update\Install\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\java\jre1.8.0_211\bin\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\java\jre1.8.0_211\lib\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft analysis services\AS OLEDB\110\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\CLIPART\PUB60COR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\CLIPART\Publisher\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Document Themes 16\Theme Colors\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Document Themes 16\Theme Effects\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Document Themes 16\Theme Fonts\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\1033\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\1036\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\3082\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\AccessWeb\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\ACCWIZ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\ADDINS\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\Bibliography\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\BORDERS\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\Configuration\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\CONVERT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\DCF\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\Document Parts\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\FORMS\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\Groove\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\Library\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\LogoImages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\MEDIA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\MSIPC\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\OutlookAutoDiscover\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\PAGESIZE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\PROOF\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\PUBBA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\PUBWIZ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\QUERIES\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\SAMPLES\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\STARTUP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Office16\XLSTART\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft office\Stationery\1033\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft sql server\110\Shared\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\microsoft.net\ADOMD.NET\110\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\reference assemblies\Microsoft\Framework\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Adobe\ARM\Reader_19.012.20034\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Adobe\ARM\S\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\AppV\Setup\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Crypto\DSS\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Crypto\Keys\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Crypto\PCPKSP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Crypto\RSA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Crypto\SystemKeys\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Device Stage\Device\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Device Stage\Task\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\AsimovUploader\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\CustomTraceProfiles\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\ETLLogs\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\EventTranscript\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\LocalTraceStore\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\OfflineSettings\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\Scripts\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\Sideload\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\Siufloc\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\SoftLanding\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\SoftLandingStage\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Diagnosis\TenantStorage\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\DRM\Server\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\IdentityCRL\INT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\IdentityCRL\production\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Network\Connections\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Network\Downloader\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\OFFICE\Heartbeat\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\AssetCache\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Search\Data\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Settings\Accounts\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\SmsRouter\MessageStore\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Speech_OneCore\SR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\UEV\Scripts\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Microsoft\WinMSIPC\Server\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Oracle\Java\installcache\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\AppData\Local\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\Default\AppData\Roaming\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\AppData\Local\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\AppData\LocalLow\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\AppData\Roaming\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\BJZFPPWAPT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\BNAGMGSPLO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\DUUDTUBZFW\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\GAOBCVIQIJ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\GIGIYTFFYT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\JDDHMPCDUJ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\LFOPODGVOH\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\NWCXBPIUYI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\PIVFAGEAAV\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\QCFWYSKMHA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\QNCYCDFIJJ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Desktop\ZQIXMVQGAH\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\BJZFPPWAPT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\BNAGMGSPLO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\DUUDTUBZFW\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\GAOBCVIQIJ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\GIGIYTFFYT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\JDDHMPCDUJ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\LFOPODGVOH\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\NWCXBPIUYI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\PIVFAGEAAV\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\QCFWYSKMHA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\QNCYCDFIJJ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Documents\ZQIXMVQGAH\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Favorites\Links\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Users\user\Pictures\Camera Roll\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\ar-SA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\bg-BG\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\da-DK\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\de-DE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\el-GR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\en-GB\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\es-ES\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\es-MX\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\et-EE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\fi-FI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\fr-CA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\fr-FR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\he-IL\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\hr-HR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\hu-HU\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\it-IT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\ja-JP\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\ko-KR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\lt-LT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\lv-LV\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\nb-NO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\nl-NL\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\pl-PL\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\pt-BR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\pt-PT\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\ro-RO\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\ru-RU\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\sk-SK\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\sl-SI\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\sv-SE\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\th-TH\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\tr-TR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\uk-UA\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\zh-CN\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\ink\zh-TW\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\OFFICE16\Cultures\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\OFFICE16\en-us\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\TextConv\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\Triedit\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\ado\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\msadc\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Common Files\system\ole db\en-US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Google\Chrome\Application\85.0.4183.121\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Google\Chrome\Application\SetupMetrics\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroApp\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroCEF\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AIR\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\Browser\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\Javascripts\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\Legal\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\Locale\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\plug_ins\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\plug_ins3d\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\Tracker\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\UIThemes\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\WebResources\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Resource\Font\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Resource\SaslPrep\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Resource\TypeSupport\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\Examples\C++\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\Examples\VBScript\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Advanced\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Simple\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Examples\Helpfile\Extras\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\Crimson\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\Notepad++\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\PSPad\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\TextPad\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\ARM\1.0\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\HelpCfg\en_US\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\Adobe\Reader\DC\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\EQUATION\1033\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Help\1028\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Help\1031\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Help\1033\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Help\1036\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Help\1040\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Program Files (x86)\common files\microsoft shared\Help\1041\readme.txtJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4812Thread sleep count: 65 > 30Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4812Thread sleep time: -325000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeLast function: Thread delayed
Source: C:\Windows\SysWOW64\regsvr32.exeLast function: Thread delayed
Source: C:\Windows\SysWOW64\regsvr32.exeProcess information queried: ProcessInformationJump to behavior

HIPS / PFW / Operating System Protection Evasion:

barindex
System process connects to network (likely due to code injection or exploit)Show sources
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.148 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.149 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.146 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.147 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.140 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.141 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.144 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.145 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.142 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.143 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.159 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.157 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.158 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.151 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.152 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.150 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.155 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.156 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.153 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.154 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.126 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.247 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.127 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.248 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.124 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.245 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.125 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.246 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.128 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.249 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.129 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.240 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.122 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.243 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.123 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.244 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.120 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.241 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.121 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.242 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.97 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.137 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.96 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.138 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.99 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.135 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.98 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.136 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.139 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.250 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.130 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.251 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.91 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.90 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.93 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.133 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.254 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.92 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.134 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.95 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.131 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.252 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.94 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.132 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.253 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.104 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.225 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.105 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.226 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.102 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.223 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.103 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.224 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.108 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.229 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.109 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.106 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.227 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.107 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.228 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.100 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.221 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.101 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.222 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.220 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.115 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.236 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.116 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.237 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.113 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.234 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.114 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.235 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.119 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.117 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.238 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.118 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.239 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.111 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.232 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.112 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.233 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.230 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.110 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.231 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.203 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.204 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.201 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.202 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.207 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.208 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.205 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.206 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.200 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.209 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.214 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.215 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.212 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.213 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.218 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.219 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.216 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.217 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.210 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.211 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.39 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.38 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.42 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.41 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.44 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.43 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.46 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.45 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.48 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.47 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.40 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.28 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.27 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.29 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.31 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.30 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.33 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.32 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.35 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.34 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.37 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.36 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.17 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.16 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.19 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.18 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.20 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.22 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.21 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.24 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.23 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.26 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.25 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.11 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.10 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.13 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.12 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.15 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.14 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.0 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.2 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.1 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.180 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.181 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.8 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.7 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.9 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.4 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.3 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.6 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.5 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.86 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.85 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.88 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.87 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.89 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.184 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.185 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.80 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.182 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.183 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.82 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.188 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.81 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.189 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.84 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.186 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.83 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.187 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.191 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.192 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.190 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.75 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.74 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.77 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.76 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.79 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.78 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.195 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.196 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.193 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.194 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.71 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.199 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.70 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.73 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.197 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.72 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.198 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.64 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.63 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.66 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.168 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.65 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.169 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.68 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.67 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.69 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.162 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.163 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.160 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.161 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.60 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.166 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.167 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.62 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.164 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.61 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.165 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.170 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.49 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.53 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.52 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.55 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.179 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.54 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.57 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.56 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.59 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.58 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.173 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.174 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.171 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.172 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.177 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.178 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.51 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.175 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.50 189Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 192.168.2.176 189Jump to behavior
Tries to shutdown other security tools via broadcasted WM_QUERYENDSESSIONShow sources
Source: C:\Windows\SysWOW64\regsvr32.exeMessage posted: Message id: QUERYENDSESSIONJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 'C:\Program Files\Internet Explorer\iexplore.exe'Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exeJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\Users\user\NTUSER.DAT VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\Users\user\ntuser.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\Users\user\ntuser.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\Users\user\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\Users\user\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\Users\user\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\ProgramData\USOShared\Logs\NotifyIcon.002.etl VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration_Temp.1.etl VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\Program Files\Common Files\microsoft shared\OFFICE16\Cultures\OFFICE.ODF VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\GameDVR\KnownGameList.bin VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management InstrumentationDLL Side-Loading1Process Injection111Masquerading3OS Credential DumpingVirtualization/Sandbox Evasion1Taint Shared Content1Data from Local SystemExfiltration Over Other Network MediumEncrypted Channel2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationData Encrypted for Impact1
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsDLL Side-Loading1Disable or Modify Tools1LSASS MemoryProcess Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Application Layer Protocol1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion1Security Account ManagerFile and Directory Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationApplication Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection111NTDSSystem Information Discovery12Distributed Component Object ModelInput CaptureScheduled TransferProxy1SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptRegsvr321LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.commonDLL Side-Loading1Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 353906 Sample: eLN6jfk9iT Startdate: 17/02/2021 Architecture: WINDOWS Score: 80 34 www.msn.com 2->34 36 tls13.taboola.map.fastly.net 2->36 38 2 other IPs or domains 2->38 60 Multi AV Scanner detection for submitted file 2->60 62 Found Tor onion address 2->62 9 loaddll32.exe 1 2->9         started        signatures3 process4 process5 11 regsvr32.exe 40 501 9->11         started        16 cmd.exe 1 9->16         started        dnsIp6 54 192.168.2.100 unknown unknown 11->54 56 192.168.2.101 unknown unknown 11->56 58 97 other IPs or domains 11->58 26 C:\Program Files (x86)\...\WinAPIDlg.au3, DOS 11->26 dropped 28 C:\Users\user\Desktop\QNCYCDFIJJ.pdf, PGP\011Secret 11->28 dropped 30 C:\Users\user\Desktop\QCFWYSKMHA.jpg, data 11->30 dropped 32 180 other files (177 malicious) 11->32 dropped 64 System process connects to network (likely due to code injection or exploit) 11->64 66 Connects to many different private IPs (likely to spread or exploit) 11->66 68 Tries to shutdown other security tools via broadcasted WM_QUERYENDSESSION 11->68 70 3 other signatures 11->70 18 iexplore.exe 6 65 16->18         started        file7 signatures8 process9 dnsIp10 40 www.msn.com 18->40 21 iexplore.exe 5 157 18->21         started        24 iexplore.exe 50 18->24         started        process11 dnsIp12 42 tls13.taboola.map.fastly.net 151.101.1.44, 443, 49999, 50000 FASTLYUS United States 21->42 44 www.msn.com 21->44 50 8 other IPs or domains 21->50 46 www.msn.com 24->46 48 web.vortex.data.msn.com 24->48 52 3 other IPs or domains 24->52

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
eLN6jfk9iT.dll20%VirustotalBrowse
eLN6jfk9iT.dll15%ReversingLabsWin32.Ransomware.Cryptor

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
tls13.taboola.map.fastly.net0%VirustotalBrowse
img.img-taboola.com1%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
https://torproject.org)0%Avira URL Cloudsafe
https://contirecovery.best5%VirustotalBrowse
https://contirecovery.best0%Avira URL Cloudsafe
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
contextual.media.net
184.30.24.22
truefalse
    		high
    tls13.taboola.map.fastly.net
    		151.101.1.44
    		truefalseunknown
    hblg.media.net
    		184.30.24.22
    		truefalse
      		high
      lg3.media.net
      		184.30.24.22
      		truefalse
        		high
        geolocation.onetrust.com
        		104.20.185.68
        		truefalse
          		high
          web.vortex.data.msn.com
          		unknown
          		unknownfalse
            		high
            www.msn.com
            		unknown
            		unknownfalse
              		high
              srtb.msn.com
              		unknown
              		unknownfalse
                		high
                img.img-taboola.com
                		unknown
                		unknownfalseunknown
                cvision.media.net
                		unknown
                		unknownfalse
                  		high

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://www.msn.com/de-ch/?ocid=iehp3~DFA69546DD89C352E1.TMP.4.drfalse
                    		high
                    http://searchads.msn.net/.cfm?&&kp=1&~DFA69546DD89C352E1.TMP.4.drfalse
                      		high
                      https://cdn.cookielaw.org/vendorlist/googleData.json55a804ab-e5c6-4b97-9319-86263d365d28[1].json.5.drfalse
                        		high
                        https://torproject.org)readme.txt59.1.drfalse
                        • Avira URL Cloud: safe
                        		low
                        https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg~DFA69546DD89C352E1.TMP.4.drfalse
                          		high
                          https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2~DFA69546DD89C352E1.TMP.4.drfalse
                            		high
                            https://cdn.cookielaw.org/vendorlist/iabData.json55a804ab-e5c6-4b97-9319-86263d365d28[1].json.5.drfalse
                              		high
                              https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1~DFA69546DD89C352E1.TMP.4.drfalse
                                		high
                                https://cdn.cookielaw.org/vendorlist/iab2Data.json55a804ab-e5c6-4b97-9319-86263d365d28[1].json.5.drfalse
                                  		high
                                  https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location55a804ab-e5c6-4b97-9319-86263d365d28[1].json.5.drfalse
                                    		high
                                    https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1~DFA69546DD89C352E1.TMP.4.drfalse
                                      		high
                                      https://www.msn.com/de-ch/?ocid=iehp~DFA69546DD89C352E1.TMP.4.drfalse
                                        		high
                                        https://contirecovery.bestreadme.txt59.1.drfalse
                                        • 5%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/readme.txt59.1.drtrue
                                        • Avira URL Cloud: safe
                                        		unknown

                                        Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public

                                        IPDomainCountryFlagASNASN NameMalicious
                                        151.101.1.44
                                        		unknownUnited States
                                        		54113FASTLYUSfalse

                                        Private

                                        IP
                                        192.168.2.148
                                        192.168.2.149
                                        192.168.2.146
                                        192.168.2.147
                                        192.168.2.140
                                        192.168.2.141
                                        192.168.2.144
                                        192.168.2.145
                                        192.168.2.142
                                        192.168.2.143
                                        192.168.2.159
                                        192.168.2.157
                                        192.168.2.158
                                        192.168.2.151
                                        192.168.2.152
                                        192.168.2.150
                                        192.168.2.155
                                        192.168.2.156
                                        192.168.2.153
                                        192.168.2.154
                                        192.168.2.126
                                        192.168.2.247
                                        192.168.2.127
                                        192.168.2.248
                                        192.168.2.124
                                        192.168.2.245
                                        192.168.2.125
                                        192.168.2.246
                                        192.168.2.128
                                        192.168.2.249
                                        192.168.2.129
                                        192.168.2.240
                                        192.168.2.122
                                        192.168.2.243
                                        192.168.2.123
                                        192.168.2.244
                                        192.168.2.120
                                        192.168.2.241
                                        192.168.2.121
                                        192.168.2.242
                                        192.168.2.97
                                        192.168.2.137
                                        192.168.2.96
                                        192.168.2.138
                                        192.168.2.99
                                        192.168.2.135
                                        192.168.2.98
                                        192.168.2.136
                                        192.168.2.139
                                        192.168.2.250
                                        192.168.2.130
                                        192.168.2.251
                                        192.168.2.91
                                        192.168.2.90
                                        192.168.2.93
                                        192.168.2.133
                                        192.168.2.254
                                        192.168.2.92
                                        192.168.2.134
                                        192.168.2.95
                                        192.168.2.131
                                        192.168.2.252
                                        192.168.2.94
                                        192.168.2.132
                                        192.168.2.253
                                        192.168.2.104
                                        192.168.2.225
                                        192.168.2.105
                                        192.168.2.226
                                        192.168.2.102
                                        192.168.2.223
                                        192.168.2.103
                                        192.168.2.224
                                        192.168.2.108
                                        192.168.2.229
                                        192.168.2.109
                                        192.168.2.106
                                        192.168.2.227
                                        192.168.2.107
                                        192.168.2.228
                                        192.168.2.100
                                        192.168.2.221
                                        192.168.2.101
                                        192.168.2.222
                                        192.168.2.220
                                        192.168.2.115
                                        192.168.2.236
                                        192.168.2.116
                                        192.168.2.237
                                        192.168.2.113
                                        192.168.2.234
                                        192.168.2.114
                                        192.168.2.235
                                        192.168.2.119
                                        192.168.2.117
                                        192.168.2.238
                                        192.168.2.118
                                        192.168.2.239
                                        192.168.2.111

                                        General Information

                                        Joe Sandbox Version:31.0.0 Emerald
                                        Analysis ID:353906
                                        Start date:17.02.2021
                                        Start time:05:45:11
                                        Joe Sandbox Product:CloudBasic
                                        Overall analysis duration:0h 9m 53s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Sample file name:eLN6jfk9iT (renamed file extension from none to dll)
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                        Number of analysed new started processes analysed:34
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • HDC enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Detection:MAL
                                        Classification:mal80.rans.spre.expl.evad.winDLL@11/852@17/100
                                        EGA Information:Failed
                                        HDC Information:Failed
                                        HCA Information:
                                        • Successful, ratio: 100%
                                        • Number of executed functions: 0
                                        • Number of non-executed functions: 0
                                        Cookbook Comments:
                                        • Adjust boot time
                                        • Enable AMSI
                                        Warnings:
                                        Show All
                                        • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
                                        • Excluded IPs from analysis (whitelisted): 168.61.161.212, 13.64.90.137, 88.221.62.148, 204.79.197.203, 204.79.197.200, 13.107.21.200, 92.122.213.187, 92.122.213.231, 65.55.44.109, 184.30.24.22, 152.199.19.161, 23.218.208.56, 40.126.31.143, 20.190.159.138, 40.126.31.135, 20.190.159.132, 20.190.159.134, 20.190.159.136, 40.126.31.141, 40.126.31.6, 51.104.139.180, 2.20.142.210, 2.20.142.209, 92.122.213.194, 92.122.213.247, 20.54.26.129, 51.11.168.160, 52.155.217.156
                                        • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, www.tm.lg.prod.aadmsa.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, www.tm.a.prd.aadg.trafficmanager.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, go.microsoft.com, login.live.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, dual-a-0001.a-msedge.net, ie9comview.vo.msecnd.net, a-0003.a-msedge.net, cvision.media.net.edgekey.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, www-msn-com.a-0003.a-msedge.net, a767.dscg3.akamai.net, a1999.dscg2.akamai.net, web.vortex.data.trafficmanager.net, e607.d.akamaiedge.net, login.msa.msidentity.com, web.vortex.data.microsoft.com, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, static-global-s-msn-com.akamaized.net, dub2.next.a.prd.aadg.trafficmanager.net, cs9.wpc.v0cdn.net
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size getting too big, too many NtCreateFile calls found.
                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                        • Report size getting too big, too many NtOpenFile calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                        • Report size getting too big, too many NtReadFile calls found.
                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                        • Report size getting too big, too many NtWriteFile calls found.
                                        • Too many dropped files, some of them have not been restored

                                        Simulations

                                        Behavior and APIs

                                        No simulations

                                        Joe Sandbox View / Context

                                        IPs

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        151.101.1.44http://s3-eu-west-1.amazonaws.com/hjdpjni/ogbim#qs=r-acacaeeikdgeadkieeefjaehbihabababaefahcaccajbiackdcagfkbkacbGet hashmaliciousBrowse
                                        • cdn.taboola.com/libtrc/w4llc-network/loader.js

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        hblg.media.netHGrt.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        v.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        4818840.dat.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        602b97e0b415b.png.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        SecuriteInfo.com.Generic.mg.44669e0ff064dfc9.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        SecuriteInfo.com.Generic.mg.3964ec2fe493ed56.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        SecuriteInfo.com.Generic.mg.f76b81b0397ae313.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        SecuriteInfo.com.Generic.mg.f77e7bd43f365593.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        NJPcHPuRcG.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        Ne6A4k8vK6.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        13xakh1PtD.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        DUcKsYsyX0.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        RI51uAIUyL.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        ZRz0Aq1Rf0.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        mon44_cr.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        mon41_cr.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        mon4498.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        e888888888.dllGet hashmaliciousBrowse
                                        • 23.218.208.23
                                        1233.exeGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        Server.exeGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        tls13.taboola.map.fastly.netHGrt.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        v.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        4818840.dat.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        602b97e0b415b.png.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        SecuriteInfo.com.Generic.mg.44669e0ff064dfc9.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        SecuriteInfo.com.Generic.mg.3964ec2fe493ed56.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        SecuriteInfo.com.Generic.mg.f76b81b0397ae313.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        SecuriteInfo.com.Generic.mg.f77e7bd43f365593.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        NJPcHPuRcG.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        Ne6A4k8vK6.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        13xakh1PtD.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        DUcKsYsyX0.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        RI51uAIUyL.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        ZRz0Aq1Rf0.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        mon44_cr.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        mon41_cr.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        mon4498.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        e888888888.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        1233.exeGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        Server.exeGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        contextual.media.netHGrt.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        v.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        4818840.dat.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        602b97e0b415b.png.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        SecuriteInfo.com.Generic.mg.44669e0ff064dfc9.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        SecuriteInfo.com.Generic.mg.3964ec2fe493ed56.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        SecuriteInfo.com.Generic.mg.f76b81b0397ae313.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        SecuriteInfo.com.Generic.mg.f77e7bd43f365593.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        NJPcHPuRcG.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        Ne6A4k8vK6.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        13xakh1PtD.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        DUcKsYsyX0.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        RI51uAIUyL.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        ZRz0Aq1Rf0.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        mon44_cr.dllGet hashmaliciousBrowse
                                        • 23.210.250.97
                                        mon41_cr.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        mon4498.dllGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        e888888888.dllGet hashmaliciousBrowse
                                        • 23.218.208.23
                                        1233.exeGet hashmaliciousBrowse
                                        • 184.30.24.22
                                        Server.exeGet hashmaliciousBrowse
                                        • 184.30.24.22

                                        ASN

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        FASTLYUSHGrt.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        v.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        4818840.dat.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        executable.908.exeGet hashmaliciousBrowse
                                        • 185.199.111.133
                                        executable.908.exeGet hashmaliciousBrowse
                                        • 185.199.111.133
                                        executable.908.exeGet hashmaliciousBrowse
                                        • 185.199.108.133
                                        executable.908.exeGet hashmaliciousBrowse
                                        • 185.199.108.133
                                        executable.908.exeGet hashmaliciousBrowse
                                        • 185.199.111.133
                                        executable.908.exeGet hashmaliciousBrowse
                                        • 185.199.108.133
                                        executable.908.exeGet hashmaliciousBrowse
                                        • 185.199.108.133
                                        executable.908.exeGet hashmaliciousBrowse
                                        • 185.199.111.133
                                        602b97e0b415b.png.dllGet hashmaliciousBrowse
                                        • 151.101.1.44
                                        #U00dcberbr#U00fcckungshilfe III - Digitales Antragsformular.jsGet hashmaliciousBrowse
                                        • 185.199.110.133
                                        PO 20191003.exeGet hashmaliciousBrowse
                                        • 185.199.108.133
                                        ce8fe9f746c521ecc687fb0482c663fc.exeGet hashmaliciousBrowse
                                        • 185.199.108.133
                                        POCM 202100322.exeGet hashmaliciousBrowse
                                        • 185.199.108.133
                                        n8I6klLQIW.exeGet hashmaliciousBrowse
                                        • 185.199.108.153
                                        ZsoqHwHJpN.exeGet hashmaliciousBrowse
                                        • 185.199.108.153
                                        lo43LR99EV.exeGet hashmaliciousBrowse
                                        • 185.199.108.153
                                        ORDER FRD91PM7.xlsxGet hashmaliciousBrowse
                                        • 151.101.1.21

                                        JA3 Fingerprints

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        9e10692f1b7f78228b2d4e424db3a98cOne Note cbuckley@cnf-fiic.ca.htmlGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        HGrt.dllGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        v.dllGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        P569878.htmGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        X2Q8MaK1Zm.docxGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        Sccid-UPDATE.htmGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        4818840.dat.dllGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        bad.docxGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        executable.908.exeGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        602b97e0b415b.png.dllGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        PO 20191003.exeGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        ce8fe9f746c521ecc687fb0482c663fc.exeGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        POCM 202100322.exeGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        ORDER FRD91PM7.xlsxGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        CHT International.exeGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        SecuriteInfo.com.Generic.mg.44669e0ff064dfc9.dllGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        SecuriteInfo.com.Generic.mg.3964ec2fe493ed56.dllGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        SecuriteInfo.com.Generic.mg.f76b81b0397ae313.dllGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        SecuriteInfo.com.Generic.mg.f77e7bd43f365593.dllGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44
                                        NJPcHPuRcG.dllGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        • 151.101.1.44

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        C:\MSOCache\All Users\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Reputation:low
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):15296584
                                        Entropy (8bit):7.999984716933545
                                        Encrypted:true
                                        SSDEEP:393216:b6U3l7JiJ3NoWJhbJeO7VxLVdyJJMkM3xzUHa8:bf3lwBbJT7VxCpq+T
                                        MD5:6B4315386A31EEA46E1CBF2CCF9B9C6D
                                        SHA1:5623EAFE9A7A4F937FC8F36D6802129042BDC09F
                                        SHA-256:F64F08DFB375400F468D352FD5A980E303D7992EC96F613F56DE3A0A509D63B3
                                        SHA-512:51D4167FEB9DEE8C501B41A6361E86E94D676F55CD29257C16460FBCAF381E73A12BA3D196D74FDFAB3FFB0AD92E7B3BD981881F2516419140305CDDE8700350
                                        Malicious:true
                                        Reputation:low
                                        Preview: Z*..q.).DJ....O......w'z_.$.f....pg-PB.@.......L^a..q .o+....#.O....I.......|K.k.w|`'(..<5.L..W...5..lJV.q.I......t0.#b..J|/...3..(.6..N..S..>...{......\..V.)./........m>.$...aT...Q..,G...u.\..C.;......K..K.A..R...%.2G...@..A!...C.be....@(..&......$...@......i..........h..c.0.bZ..+ ....[?.b5....]......o.aS........A]..7..K...I....}&.#H&.....;.f..Gz...7R.j..~.a..B?.R.....D..@.?Ii...;....<;..P.M5.X..7.j..e...>K9^+U...T..Y.Q...>ugzT.0.....|F...=........h!r....j;T.-vk.X....Y.b>.R..IS...q............%2..........r*...1.v....b..3k5..e.vB.5..h.x.....69..f..$t.1.....L.U....%.^.......0|3.0.,r?..U..@.6.*.n.A_;j..S......C.=+O...Z.....y.~.%r.....B&.....FrMH7.C.9?.". 2......L.q.Xd..s.s.7.H.)||......|.Y...4.....n.l...;....x.._..>....T.|...M#I...q.F.../............."........>.-.!.....l..6...X.n..&.M..2.......".$\$.^... n`{q..J.8|..9jAE..0.~Hq@.Q..{.Gc0..6]T...k.Zw.v.M......@zI....zR.e.R.k.B..]6i....=..jZuA .x..].Pe.......Z..3.(<.5..M1.].N..#O.:>.;...nzu.`..U5-.
                                        C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5526
                                        Entropy (8bit):7.96988627750392
                                        Encrypted:false
                                        SSDEEP:96:QpVB9t4oyn8KPqsP/o4RtyV9dUQrQWnF2dgMi4glugTLWVpV:Q72oyPP/oWcGYQWEOMbgvvQ
                                        MD5:9A5B9C2CE960099D9E71395ECB430A74
                                        SHA1:006C08B1B2F9253E3FF087321D4482F363F99303
                                        SHA-256:2D1AC0F50E2EA34EFF4B1F1A298592D63FF58CECFE6A09F60E433D09E48362F4
                                        SHA-512:59696C573127821DEFD188F7B8F8E00A8D4A31926A1DCE0EA1AE0903B3175D92A1018B074062F9FA8C315CC154EAE31461DEBBF5A0D9C6EEE506DD77B28B5AB2
                                        Malicious:false
                                        Reputation:low
                                        Preview: ..l5..e~mV..{.PF.3uh4.C..."R..pc... ...I...=...F....+..e/ry...Q4`q.h1.NJ...P..D....E.....)...ce@..t.=....=..|...D.2Iq..%.zenj..@.k..@x.ej..(.~`S.Ze.g._)>..D.oD..1..[...".I..9..#u~cLg@K[..a....$B{].F.VoS.&...:..H-.h.D..X."......;K0".).....e{..............v.s........T..";d.......*.q.V.\J.>;..g...).YO.W..PL.,.Rw.N.'..m....4.x..T.2..w.........D....^..#...s..i....6....&.BD&.E.5..x.IV..4.N...a"<.1.....V.`>.b].\{.&M/O5`..X.K.'T.rM..b..$yQ.H.(.;%~..m...;.f..`3q..%O..xB......q1.!H..DbD...5."...............$.........G..Fb1ZS.>+.w...B..mb...%+........1.6.mK.....mE$.z.-=L/....:.,...Q.D....:...Y].....m.g..TXo...X......k...a....Q..~_..en.M...hc..w...g..(=...Z...J./_..g..B.^a...i......E.h.F..6........"k.o;R..9.....H..Pd...)...4+..v..\....5j2, ..s...rH.&m._.2..6X...{..h.{t...g.x.X.MX..hJRN.(.H.h...Zt...R.....'.....m.!5........2....;.....u.u......@(6."..W+......~.c....I...?..U.....u.g...F.X...w.........q....SL.~.5....g.q.=...V.fV.&.u"$.".@.E...$_.|mV..&hWcU.
                                        C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):17642
                                        Entropy (8bit):7.9891893012740915
                                        Encrypted:false
                                        SSDEEP:192:w6RUE/ULn7zUL5dTd9xiu0QpbuWI4YHq86CeoGsGHWXGDSmxHVjyLB+jWMrwCi7z:17qEiBQpbt2q8ARq2VjyL2Nhr0p0Ja1
                                        MD5:859C575D867CD7C739BD31289EF771F8
                                        SHA1:206D5D6692DA810A6554AE56C9B3D344F75B742A
                                        SHA-256:AC39C9631ED0E494623E4EACB268AE23C1BC089EF91FB45C85A3DE31D6886BE0
                                        SHA-512:A8A51BAF1396E3039E06E67B9C3E2871D90A722F3B309967B7189AE5DB88FF8C481FAA0C035E2246BD01B69D0CDAA77196924F965AD229E7540C2F782AC9C471
                                        Malicious:false
                                        Reputation:low
                                        Preview: ...[O+.0....+C...K.V^X0.!-......3...W.j..#.......".:.yB.S)...'Z(.;.6..<.X...3..g..dd....E.i.(...l....`^....o.0.. 1.!DK........5Ww..QaU~..}N<y....k..&Z..<..._.T..3.f.f........5.t*..fg-.._8.t_IV..Qu.@.m..Y.Em..@..e.nE...,[..`VQz.2..]..Z..e.)..... T....rZ......".....p`....)(...DiQ./....I....`.....tA.nE.l.......v7.N......7.PL........l?6..3}.*..2.!.K*.dY.O2.;hC_(@..p.'. .G.....Q(e.ttU".S...D.gH...&..rM...t.........a....7.....|....F....u...q.8w.J.....N7A.M....V.[}.P`&S..IR.......aW.g..............$..B.......?....$...1.....=.qfr..Eq.~....n...n`..........E..+.e.x.Z....b._.k.A....%25$'.=.P%..\..d.h..!.r.`..s.5....DF.K..v...IAs..\...9...3..q..B.D,...eO@).ZV.3T...kF.Df...gU.'#.........[4.O......c.`.:.y.E..a.|$.\..KB..N...ei.n-.X.N.C0...6....--;............]..b.h[....[.. g4..v..Np.....O.W.qT.....8.i.Z.;...j..(G...........T.....2.C....86..b.....L..EWm.\N..s.H!..@._p.. .6v-...7..}!.:...}w.$.R...0...<..;..8...<A^. ..nb..e.eO...Yq..{...LIz...6.....L..n...#.ov
                                        C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):161789984
                                        Entropy (8bit):7.999998953422264
                                        Encrypted:true
                                        SSDEEP:3145728:581cKDJvJmlxVbpfAWlp39UTF8O8bnqnSz5SmSE55+znoVS4vK:5iczPbpfAACB8tnkSQcP+z0Sh
                                        MD5:2A949E3B786443AE466F70FC19F846BE
                                        SHA1:B73C1867F7FE5E7995A74034B7CC0461407879A1
                                        SHA-256:E22DAEBF55E1948F607661933CEC3104C2D59900ACB780B7BFD16AC02773068B
                                        SHA-512:1BD7E75DA0C16C3B32E13D7154389C244A389882C0D4C06F8F68D1E4B4EB94CE4F8C30DAF9EF263C2FB68550AD7267A9B43A0BC5AE72B12B92C7C713EEA1BBE0
                                        Malicious:true
                                        Reputation:low
                                        Preview: Q..Z...Y.|.3.|.....&.Me8..H~)r.z.b:}~....R..=.V...........c.+.;...{...X..%[|:l%...Jhb..g?.....,...X....V.].h...|.......X&e..z..K.H.....;.lju.....;C.U....W....v.8+8....#..f.j......uRv......l..1. ..Ye.T..........E.,.M.t..j.....\/A..6..l..V.@.../.q.8'..rL..0.n.XQ..Z..J.@..e...|...y..S......wn..c.........zji..i;...*-..B..V....3..i...YK#...Z..:.1.o..m's...G..O..>f.|...?YVZ/.Fc.k.1_..y.<..."M..~r$g...l..1.....9.p.}...e3Q,!j..".{..S.t9..r.u.T..}).I*.R.[....s.R..6.....Y.D..t.~a........]"G............%2^lI......~)...s.......nnB...B....m........T..r....r...."...H.x.]JF..gvTs$c..E...k......%...9...&..b.?...d..W..W.A/W.&.O.......&..ii...a..hK..U.VSy..N.>.19...:.|I.q...9N:.........}...B.S.2.l.sP.A.rkf...[K...]"...@.KU%.-..3..B/..*.)I..28[<qu.#..}_......./#%..\ .......V.,.....~..8..m.[.=.'p........1..B..'..2.Y.`.-.:.`.oS.J/Ha......E.4......._. j....G[S.:L.....y.5...S.H.z.....wa.b.x.o.S...,3.r..6?.$...(&Tk....j..M.".a_.WR..D...aC>&.U...^<IU.@~F..~.b;.1
                                        C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPsWW2.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):124578134
                                        Entropy (8bit):7.999998563803178
                                        Encrypted:true
                                        SSDEEP:1572864:nIcGyiddvLzYOGVI3+1r6UzN8L/565HbGmkLLjerYRO5YilKtvov5b4i7fxQ1Sxb:IcgLcOG63ApNa65L4efYvobb+1SVCi
                                        MD5:FDEB9B29B588A172A036E291AD0BE563
                                        SHA1:046D3C221B33FCF532D3951B11C6428F1D465B73
                                        SHA-256:0898F2E047C067E133FFEFC6560ECE5BD39D0776F87565AFEC8C722F18D79BA1
                                        SHA-512:59517238D5940623D85670CB86BF7D326DE8075C0ECDEECAC5B5C27D9E5436FBA8B254F86352E95DB492B4AF04FDDFADB1AECAEBF4575490D76C272AF882F5F9
                                        Malicious:true
                                        Reputation:low
                                        Preview: .....#A. ........!....Z......-wp.f^.$.j...D6).8._,un,`....p.l.y....D...^..c?@...p.......Q.K...GG....#T..g.......:Z.3.-1./.>YK.B..j....~xV-.....t..$?.d.} x]..n.&._g.H...8G../Q*.5`...s...A +o..*...bchIa 7..h..p.|....^.H.....Y..&"J@..,<2..,...C.w..wu..E..v.@.b<?.%.E....c..=9....G.~.......n."..,..rOU..c...f...G.*..,.FWC..Q...H....1z.p6W..b..@Be.:.P...P....`ox.$.]....[j.....u.Z.....~.Z..%e......{..........E....s\.....3U.."...<..{.. t..1.f...{........(d...f.&;..0.I:.0...W..G.&...X.6;...>.k.g..T............%2............ ..../........n....../e..........?.e..wp._..2.K.'..a.e-36..i.X3H....G.@W..VQ..(...^.&d~.#...'O.7....b3..R]F.v.8.jyo....b.v...l......0.-i.Lx.r.?.G..Mb...1Z..&......D..S../......S......,d. ......Vv.(%!..WT..P.w...,.A...}I..0...P.X..^.V..+.%q..bCG_.k..[..H..)\..........#v..........M..a.J.i..!..nR?8k.3.........I...T.0..<.I .)}....z.....s*...tQu+....u..O.U.#<.../..\.....<..5.Y.Qx.s...6v...lq...fb..kF.@.JM.....g.....H|aQ{.....#2h.{S-5.v...
                                        C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):28316
                                        Entropy (8bit):7.993208010167001
                                        Encrypted:true
                                        SSDEEP:768:/T5nJLWPoRYI53ut6mGMHKeXHMs9feu++8I/Hr:/FJLCoRYIRut6mGMqyTfcIvr
                                        MD5:3F14B75521B412B90F7C80E25528AF70
                                        SHA1:8844ECFFC9AC6F7EADEF63F98993AA9C77B82AA6
                                        SHA-256:9089B3210EF96174AB912320443F5E0B38CCFF75A88963D94A8FE2E9434ED164
                                        SHA-512:D9CF599F1E6E10AE9336B83A3BEC4CA18D05B1E95BEA205588FB9E07D06F4743571866B90709FA5662E4493738F51BBF3B2EE976A5AF420250EB0009E200A2D6
                                        Malicious:true
                                        Reputation:low
                                        Preview: t.P.i..5.........#...VHF.......P..A_.u.,.J...b..g..@SPMU......lwE....wb~...W..-a...ZU..&..e....A....S.....P,...$r.Ex.v.. .....},.S(..AL...R....c...`..b3b.^aY..[&uf.F`0..c'.....U...H....I*..f.tY..2..z....v....z.b..y....(.B........L.[............y.t!......= .@u...!.3EX4.@.M.......C.@A..l.%.r...._...}6..B.h....".B%.....cQ..+.V...U!.....k..K.......S.A.Wn.^..tH8....XU...r..($..z.&.u...u.....f....=.+B.x.........5......s.g.9...Eo...e..+#..A-$.-.:].3.....4...>,V...r.....#...V.?.[.~m..............$..l.......-p;.......*.)..zF..e.dj9HYKI.To.....O.e......]..?....m}|..].;...&<.+|j...{..wH..Dz.nb{..L.g5..c...7.f,..K.T.."..{....Xi.j2JWg...R..a.r.J.;\.^..:.....^..../k.........$...0..n5X......g................R.8]...d.)-..e....Y..S.q..k.P..E.J)...iE.q....#......W.......t...5......5.k..a..n.\.2._.^..0..Pa...OX.U..Q..^.....`.!.,o;.i.9..G.(.7.(.....o~e.$.8Q$N|R.(../.......@..C[.[..T.4..UH_S..*.!..^Z?.....;..&k.....1.C.....xm..6.vX...Y.K.L..k
                                        C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):591057
                                        Entropy (8bit):7.9996933563178345
                                        Encrypted:true
                                        SSDEEP:12288:qZtd9+eKbQoVlLp2ryj+0QNWGziSmLa3AxOAUJzbUineMZ5Of9pN:qqeKMoHcrilQUGeBLawnUJXNeK+9n
                                        MD5:1EB3E4489409E7F55A0E20646E3D8BB8
                                        SHA1:94D9EC95BEE2BE0801A49B396F5A191EA99AA753
                                        SHA-256:E5735634A8188BCDCFD0C4B84174FE8ECF461802539FDDB72E3592652E235B6C
                                        SHA-512:B8E08E6CB856B67D320EBC62879D464C82C19A151B4743C814414F8A3B1C969F717F2D3DE2AA6DB8607FE99F7A6B1AA7AAC047E94EC7545BD3088EACBBC280C9
                                        Malicious:true
                                        Reputation:low
                                        Preview: ..`@...L3..-.........x..{S^N$...a...t...q...=..)....D].E@....k....f...&.B...QCI.B...}.....G.L....L......J3.W=!..k\...$.;6\..-E~.............\=R......8.".l..H1.U...vo....-.....Hd...i*7....gS.j......k.....W[...`.E...S.[5F...h.s...!X....0An..4.e...p.m.........+.G00..`....C....k...d.....)..o.K.w .}.La..o..)....Cw.:....<u.[.*H9!o..w|]5........j9..0..uO.Q..{6<C!v.....iqZ.|...pQ-.A.QG...W.\.......v..t.3.YMg...rG..[ ...Jk....+...K)......-..H...J.E.L*".K.,g.$h.4....;...;D......u.h.u)............$.........v.o?s.+......^.o..Q....#...W.vz.o...S1.."._M.Y..R.7.4k....j|..f.u.....).)Aw...j.....MA....A.=.....h.J...w.s%....mN....`...u....9...D*......SY.B...MK.tS-_a..?.`....u|k>..m]5. .yd.3G;.......'..FU...tgJ...;...o.r....V..7.N..w.l.z5h.t.|.#...<[6.&..?h..Y..'sx...j}..X.....3A.~.tN....Y..i...}V..#@.-l@..oq../%Fu-.....o).+....[.*...y.R(..P.E.ME.of,.a.R....}.....e..P...a....M..@M.z.rT...MB....+.v?...."..R..q.@.....'..N.|._r<..~.....e%.zxj--.s.....W..j.
                                        C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Reputation:low
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2885284
                                        Entropy (8bit):7.999934069726198
                                        Encrypted:true
                                        SSDEEP:49152:JMe4oz3YcYEakzQh3H3rDuxfiuBeFZP4Q37Ms3AX/Jy7UJ69rOB4/GCnXcSV:BLTanJXexfiTj37vAX/YsyGkMSV
                                        MD5:3DE667FB771E2CD94E23DA992BFB61A1
                                        SHA1:F5FD015C84C15BE325CDD47F80B6B42B35F491E8
                                        SHA-256:B45D583240A2A0C027A32DFCCA3E16AA613284BB30D025921917BDB7D88B4C14
                                        SHA-512:17D4B2A58CCD4C9FD7761E6DF683B53611CD2E23F2BCE7A4E023A94528CCB80C36246E742B48B476F50D4DAAC3CEE0689A82420394EBA63B73C9EFAEFAF6353E
                                        Malicious:true
                                        Reputation:low
                                        Preview: ;..>=.._.:......L.7..ZimNN....O.8...rHy.@..7..%..U.......|tf0b!2...f.V.s.;..........7;S.J...%.x.".....b.S. Oh..h.Q1.......]>............z.h.)Ow..;.....8X....f).T`w....i7..e.^..0..p.....Trrm.v...~....w.U.<.rbE.....y..-=.`.........3.o.Z..Z. `.$.F.O._.uVe..-]5w.-.B..... x-d....~QP...q..L..M.\.R]A...}V..H.+H.*.kbd..)....,9......qT..-o..H....!Q.l&Z]m0.>.........G..Qe..J.....5.h.W......VGk....X..8.`.r....TU....-..l......;..h.....'u.".d...K......tP......f.s.<...E...E....f ...=.,G...<cZ.<L................%2^.X.....*.....@r*..[7.._......X..6..I....R'.N(..aZ.?Q.y..dO......,.|o.."..%.D.%..+{..o.t"Wh........N1&.&..K......D.........>V..K...<.,.i...!2.K7......V..w9....F.....k!..H.Q.....L.0q..w`...rT..,....W...Wz..-.M.....h.v..`v......I...L.p.u.x..X.RI8.d23\......T..]._H.2.Za.....C.!.+.7Q+.A.........k3...[.f.Hx._.x.wif....Z..fH<.6.;.B....T.=.k...]..a.PB"5x..F.')..DN..8kPE`....I...b..[.Fe...$(...V+.W..W......@.4g..D9....>....Wb...&.P\.|/._.....,.i
                                        C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2314
                                        Entropy (8bit):7.905407386405289
                                        Encrypted:false
                                        SSDEEP:48:53hwa4M0vgtmabmtigacS+0VmlQAJu2a7SoJcoatAaOYyXei9P:Xwa49gmaCkgaFvT2CS8fZFXeiN
                                        MD5:091C9212DA5159344A82CE5B9BEFEC68
                                        SHA1:63D43E5A44F12F045572CC8705A51A359379824B
                                        SHA-256:99F8FA1347421486188FDF94AA39B76F92C7E6FE418CE5B5FBADF59D264BD698
                                        SHA-512:86E5E85C2117E0986E33480D11A4671533A58A43FA03BD8303B5E66C5A358A87F3D3CD23F16207ABD4CA1559FFA8D9F3A8CDE486F115BA133238C5952756F5C9
                                        Malicious:false
                                        Reputation:low
                                        Preview: ........U.ls...E9.N....L.a...'...p......4.......T.x...e....B..1..hQ?....Y....B...RK....S..o>kN..`......e...3w.T.*.zT....EI.-6..k.R....X.5.N........I...:..K...[..v..B......V.TRa..j..q....g.. .....%..lyrD:8.v.."f.c9eV....\......-#).W.hL...~L[.`.B3.....#..A..p..C.BQ........U......&..s.......".(._...Z...q.y..+..!m......Lqt.KXL....zs.P.S....mfv.w.J~.Ig'sZN.'...oko..&....).@.p.$.DF.#.*...c....#>.K.%.Z.I.C.a......D........t..K2....)....h=^H.-"..%.s.Y.4.~V.3.....E.?T...[C....T..L.^.............$............Z{:........w.w...zk..VY.}l...,5..c ,.[A.@b!.....N.....~..L(.7.Cw;yi..S.6.K...^.>..r.P.....c.W.e.v....V..9x...)..,..a..g........K._......".2.t..M..M..&..7o~.D.(.f.W.3...}<6Q.. ...$...,.@0/........c^...F0[.'...e!Z.*.i..6.0G.s..Y...s..sb$.u"..79.$g-Y.......\30.....q.^.SJ.{w...h7.RV,...>./.q`.s.......l.<.F..Mo...st"...O.l@:..h....y!.k...{..P...B.B.....].q-..;s.Q.K..c...:R.........1...<...Dn.L54....A....G{..k.dZ=.S:E...'*Sn.r.\m....mo...
                                        C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3016
                                        Entropy (8bit):7.924800484290483
                                        Encrypted:false
                                        SSDEEP:48:sFf/N7iXulLdZpK0FAvcYwhb40pETiLc9uGTs4rSfvGn9h580pGYo0:o1xK0VYWjLQQ4xrqGnrWI
                                        MD5:D0F815340D677A92EB6C7FD60F65A4CC
                                        SHA1:3F44B7C4FF0D4D52EC751FCC248AC8BB8B78F028
                                        SHA-256:60C41525B84936BD644D8B50DD158D50F077F3625B5E780EDEC7FFC685FE8C51
                                        SHA-512:2430AECD259175E011B26AEE02EC98240E38B4FCB483735A767781234CED4BB1E7521D09806C0124EFEE86B53252DBC595DC8A8476DBCD8358F431769058CC00
                                        Malicious:false
                                        Preview: ./#.]..9..g=y}-.l~.Z.;...\....U!l.:}._*!. .k..~....9.bHd.....9.O4...7.}8.V.......9...-...(\..N....<.k......<..).......3c.,4.,...i*..l....{.ZVL...Q...7. ..(\].J..e...k?:.....Q.%$}...._e.q.....I'j..QO.......i7.n .J.nwn..<.....B.m.wM3R6D.~...-..T..g..bw..0..s..]*a.=tM.....&.o.k}..Y....$lq]xW..?d.MS-2&=t".y..!..n.5.gWCS....L..%......@.#.D.z"%.A...K....E...u..F.C?.Ft.+.<6.:.....@@.ab..o.Wx..<\.........)..$...,zU..)...9.!..p.........{*.)?.......k.g#...X.^......e..y.J....Q.c`{."&u.V.^MT.m."..(..............$.........R....}@{>P.^A.3..m......9.{...!6`G.%..`0..An1_.4...t..SH...=....".5..^.4.v.B.`m.u#..m5?.YK..0.R...X.P....'IB3..{....h.../.|......h.-....f.E.......~.8..\En.`.....WNyz...u..^..n.=[....b..` <.M....q".*.?...c_..}r..b\_K.t....ND.3.......v,.........2......Z...s...%.._$.y...b.Q.t...c|.:.UP.l.`G.G..O..d6..8=.N:9.F...R.Qr...)........PK.[wu2?...6...|m.>..".9:wO..;.i!q...y.e+c.Y..rC\I$*N...?..a....W6.3..N.z.;{....4.4........N_...H[....h4..)H.YV
                                        C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2195
                                        Entropy (8bit):7.901939931725012
                                        Encrypted:false
                                        SSDEEP:48:55huiJGf5yhbAbqMgPXIRuym222dfS8H4N0k0oA5n:rsME8bSYIRuydfS8U0mA5
                                        MD5:3EA8A1D0F2DEBDBD1F09016CBE901336
                                        SHA1:CCD3B954F9B6DAB85697536DFA6D16396567AADA
                                        SHA-256:47D8879C265FD8CA376C9E8D956FB54B1E5CDA07C91CF33C49F8A83F9FB254FD
                                        SHA-512:695DFBE09230A600A7EB91628B142D0D91F33A41C0DBCA56E5A73E0A9CAEC9A92B39884F32070E3D34AAC34BFDA1FFA84E034B21D45BEE826D0369D8362E2BFF
                                        Malicious:false
                                        Preview: ...i6{..J..-..E.8.i..}.D#k.$. ...G.....Bh.-..vV..'...M...."m.W...,....q...[.8.K.............[=.T.)AWs.....|..'WgT./.d...............%a!Fo-...W..x.BF|.X.9.]BrHb.....w6&....vz.\)..=.f9Q..xTe..).UZ^71.....J...".6.r.........A..]r@W5..p...g..A1..V.....:.}.'....c))j.S.-.-.Q.l...m. ...<.?.+..4.......'S...X..'[....M..R..,....c...N.e..1o....KE6...:=.Z.........~_.sW......C...?.c..M..=<.fmup.DZ.. .w......m.#r...1a7"..T%..0.....s.t^.O...z...o....1L/..!I.VX.k3c.{.....H&......eZVKZ......-...MU..s..............$.}.......m.]...$jgs.._.:..nmSf..l.....:.4..`......e.7.p.!.e..x?......Z...(..Q.y.4.*.qDv...)..h.Wk>|...].0....^....9|..A.....~ .#.....O.:(..R.Nt.{...k+.U.1=.g]..._.....X...vPc..*....Oj..k.qs.C.O...=].w.....tc0..!...Z.@d.e.^....P..,.fv..(...'.)]..[.[..=.ti.>..&.ly.....,GD..O..~./[},.).....;.m..;.uZdg.6..<.:...mN....H.r.j...Z,..@M....ER&....;...+.X....c..arW.A..Nt.n....R#y....R|....=....r%.....!.{...jkq._2.m:.m.....l....D0...4......-.`J.BI"b.&sxV.6..
                                        C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3155584
                                        Entropy (8bit):7.999939767942477
                                        Encrypted:true
                                        SSDEEP:49152:orYVLp1DrGWpWGn7BUNuReMmxX6tKTsQHXYWQ+IxlVkSpkWUbfUKZnJcK:orML3WTIReM5UhHx967khpx
                                        MD5:3D02E227BCABB54311606975D3C7C703
                                        SHA1:ECD8BD7C9E02B2F5AF8DF29CF44559B22D643E58
                                        SHA-256:0E631FD912F8FD381D01AE15CF1616C3F4B80104302010B3AD7A6F04E629FE67
                                        SHA-512:59B2E1E8DBC57BE62CE35C668636A6D53A622C43FCD3AB527370816F1E21034DF1DB80689EA3520951B012DFC78E0AFAC0CCC28E8F2D9F8BA67C5CFCCCAD8FE0
                                        Malicious:true
                                        Preview: v=)..^...d...a.w..).:.AjZ...q....A....6.p..[.-.H.3.e...m.i.0.<8<.=".....rv;\?2.'[..W.z.......<....g.y.{.c.H}..qt.Z@..{.5......E....S(.w...37.n..4.~./.;8.}H.s.{...T..=....2!=...}../.j^....`..K....],.i..&.=.[./.l[.< .3..d...p.Q.C[...r.-.1p.r...J5....:.@.....V.|.....Q..8x^'L.Em..KA...-.r..-....f.....4...'.0...P.......Cp.z.I.....v..m.h..e4...'l.Yb`......c...;.L.CC..c....nSMP.a......E..RCE.Mj.@"k.O.Q^B...i..b..3.}.4v..d>.{....3p}.{..M.;...; ..jA..4..%Cb.P0Xt.8..+K...8.j.u.$....M.Gx."...j.K....u............%2.H`.....;DY].1.s.v..9.z.a>..#.1cV..:.m36Iw....j..]...`...Rd...U.4.....YB.."k...6.h....;`E~...k.....+..2..{#....L....l..?.C....../.a%@.^=&.k..1p|.a....+.e....._,.v........b.ra.".......d.j.n?&x.iy..ES..aJ.*.v|..).s....[V.3..uQuB....F's.F.....-UP:...J.8.XE......IB...)......A.....qw...{].(..o...8YV..T?.-...x3...G.>.0..p..TuX.8....D.|.........s.r....YO.,?...|.>..u_7....Zb...O.A.y.7..B%..&l.e...a.Y...9H=)2./oF.w.$.....d.;5.!.Py...}.......aTj..p5V6....\.*
                                        C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2606
                                        Entropy (8bit):7.919196188428878
                                        Encrypted:false
                                        SSDEEP:48:CrWIKIwVF1EEWgGV0twYQz10bqQG4AsdQVGw3vNlpUZ8ixbpPMT:C6nIwr3KVDYQxoAseBdUui9xMT
                                        MD5:9FEC818BCEA474712D71B0B359191225
                                        SHA1:9C962618A8C5189EC006EDF87488C9C7B6106ADA
                                        SHA-256:9E84D59478000BA83D9C13B7892E5FBC663923B08189EAE5B09DAD63322ED6BF
                                        SHA-512:57F22AD7FA31B1362638C34D2F8391DB11977D034B00B069FE191B02701009CDB9A522993B7C750566145D6D20E28FD1D3B0BE59F17A127EE60814CD850C3DBF
                                        Malicious:false
                                        Preview: ..0.]"...d.$....N..xz../..0W..r.k....n.jxI..J..2.x....3.X......W.....g.#.4` .$"...#..)..O.E....c...;wv86x1..m.Y2;Z..h..ji..X....#...j=!...W.v.z..^.g.0..}[...b.".E0..u..0W;.3./..+...d..1[.v..iD..6E...m.y;....;..T ~..b.;.;.".>......`...H..M........=..X..K..Ww.%~yQ..lx.J'..X..#..t%.M......Ax1...D ....V....c=...,._S..@...^....*. .N.k........9..~.J./.du...L.....0|7.!E9.|.W...#^...tA..._.5e...L...`.\..^.....0..+.."[....b`........[.I:.<.9f..._..3...<../..\XPH2..\7&&.~.][.....j.u...=.*..dW*6A............$.........8'....M..<.p...<.....!2u........k..@...y.u.e.l8....h....e..f.C.....^.Hhut......Q.K[`....O.!.n".$....Q|.M.].d?.9.".W%..x.V...l.y......"I..%........XXz..V1i7....;g.....^.;o.....G....)........[._.M?..;......9K+q.s.GN3...G=8R$....}.T.B.,72_.>7...M:.D.NO,......m3.x..4......F.....E..wY..Ak..e......,.X...Q..LP.j)N.W...H*...7..9&.C~ ..b.+.3..6-.F..I.[...V.....g].qT(..k7Y.}..{...ZX..<.>.=.....-.*..g7.bo9.b..Tx..h..XI&.......?T.u.....4@...`.,.7Y./...,o
                                        C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999814928595512
                                        Encrypted:true
                                        SSDEEP:24576:OWeXBFpM7QTLnlf+/iGStFRuWrwT40ocNsVkEfI/voJkdu:texfM7QTLlW0UuSvO88
                                        MD5:13EAF926BFC6BE5104B6FFAD0AC6DF97
                                        SHA1:C87341C668E4B5F9614143727C0667A44FABCAB5
                                        SHA-256:DD94A6B1C0947E4777C63F23594ED304358BE0CBEC6777E91E6E8DDE0A594C8E
                                        SHA-512:055B2554E7F0F27AE507B1A878D0843492E74EF944B38EDE53C0ADF1C69F2918C7DC1FEB8CDDC74F34680D7FA0BD5D80339DEFABA44E0056B06CDE054948D7C8
                                        Malicious:true
                                        Preview: .`*....E....Q....c.<.9:p.D.Q.|.?|W.....|rye....Q.q.U.....`...9$.qu..............G...s...=.](...3..[:a.HQ.....tl..-.....]......,V..U....f.....M.......~g..DXc.t .w.!..;......c.n.u..z.U.^..Do..C.;...nr.S...Bf0....}._....q....^.Oj.|EG..H...rZ...I....N}.....C.n....Zk..f8..>...P..*[pA5.|.f......V.....O.........x..vh..^W..,*..b.S{......`.j.....,..#_:.J..&.G&.u.....B.....6....+.@{..>...B..gC...~.....q.......G).-}l.l$) ,WkgQ....S...!....M.(...C.......Z.d..|..&.4@.........1.....-R.1..~.ZT..).~.'............&..X6..............AF:.. f....}.....&A.i.C..g.O.%k.f.r.1.WW.gg.....?.U=O..e./Hr.[.l..P<...)..w...=..8..@..|>..`...i(EK...g@.v.5T.........NW..&.].E--O.>..S....?.......E.O...WB(..?C... ..X...$...dB.6...Ji#..%w.....I.iR.P..r...C..E.6;(...u....or....'.l...l.'.j=1`r..."~....(~\....h8RG)&...T.r...W.......C5...;(......!..T..znd...^E4o|.../ k.....JQ...W....}..Kr...c.ai....>.7.......:LmZ..-.Ml5...0.!.D.X....e......2.s..L...0..7;...{.....(z.....[Mah.
                                        C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2196
                                        Entropy (8bit):7.912367565909164
                                        Encrypted:false
                                        SSDEEP:48:s5StseHG0HowN2m4JPMRJZ066i1M6ZbjqOwxjRRCxIu7EI/bE7E/:seVHow4my0z06vnZbjJwL8qu7EcbO0
                                        MD5:834A7D70BF05801FEF7F661A1363B648
                                        SHA1:40566E1D6830E890BA2BADB140988A2B5666F789
                                        SHA-256:546974127A90EA1293FB8E2005CF67EAFD600415333144BF36F71CAECBDD8F16
                                        SHA-512:BF626E008D07A40B5B3236CFB17DE9944B24DF59FBD303ACFC12F7CEE72CD99BB0141E4D1D496AEECFD70F63EA3648D40E29818CED691B44D7D993A8D10ED7C8
                                        Malicious:false
                                        Preview: .s.Y.}........}...{..jW..G.g).f...-..........h<@.j.C+&S..>..`Zxx.....U......X..B"_,.6@...M@r/3/..e3. .8.fr..k.5.|........9/.KD.#.0.;..=._."b...-c^nG.....H.....5.........S...0.#......M.)..?\l.W..z:.O.%.P~..Z.M=M|n>.R...W..... +..c...G...f^!...wm.*...C../zd........I..r0.h..s..l..LO..E-.G..`...C...&.0O&Q`.<....C=O.is.=,w..a..g..O...<..3=....-=NQ(..../;.\.*..w..rK...&.....B0.q.............0...Ud.NoJ......C....e.+).67...1}..t...G2..6Ll.....1z..,."IhVU|..h.....i...!".2.,..@jR&...z.m}*..............$.~........$9@.j.@...y..9..S....T......].._..NM.....'%........}.1.._..V2..l..%.Pr.#....x.J.8Y.H3.b.F.0....x...r&XZTT.....;.e..!pKn....J.L.)q......i.s.xZ..BWN9:J.t........J.yi......K....:..U0...-+.B.@....d...4.....cY1K.G.[........d...*....r#0.....%.H[.b...F...e.%6!h..2.).d.6..Z....z.D..h..C.b.~J..1........5..Y.9._C*N6.T..u..K..u...y..+r...Oa.'Jz.....P ......Y.M...%.U].a~.ko[%a.;Q..M...o..C...[n...*.q.T...I.f\.E......x.>?.}E.;....|.B..@..NF...a.X%\.>..
                                        C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2329
                                        Entropy (8bit):7.9094206206404145
                                        Encrypted:false
                                        SSDEEP:48:TZrgJftgHg+MW3zkgIuj2zG8KHpgmZFyMjNqHc7UTRJySAPmA1ua:T1gJft1cj2zG8KzhAHMUfyT1D
                                        MD5:0A4203308022391ECD244C98FEF9478F
                                        SHA1:84F7E0F08A85D9ECD7ECB129C1FFA82432E35688
                                        SHA-256:23E9730EDBA9979EA757122B4F628F8FB44163E674DF18ECD14EA13F753790B9
                                        SHA-512:10996258923F6AD0FEED49C1069727290E2F890F9619258CF6DC19C3900B4D9B0E4F1551F96035540637F699E1F0593E66BC8DC244BB9237BBB8B16571B5D9B9
                                        Malicious:false
                                        Preview: ...Sem7]Utv.Y..5..v..}{...F0..........v..^*.^H.1...h......>1.6|.9D(6.8C..?6h... F.B.sl~j....B....O:...E.#....f.....k.Mq.......uYJIa.......<....R..h$.q\.....2O.........X.....`.y..O.#....&.D,....y$.3......|.;........a.~.&*O.....,70..\....I.+...P..>..P2..WED.,o.o..z'sc.~m|...1.........4,.+3'_.l..(O..G.....IU...BDe......GL....{VrM.>.../.D.(..aR...g.]..z..I.Q..D.}......!.U....p..k..I'20Cs.zH.@.....r.....%WV..%...p...ye.....p.... /.....e.".F....u.0'.m.......AIJ.M:p.U....v.......5.@..y.M.o............$...........5.....6....+.....~:..R......BQ..M..Th.qD..r].E..&.e.C...FE...g.3?..T...X..,.p....&dnM..BZ.|y..T.[.;..................w7.....d..O*...','..g..,<.VnM..a..s3.t.H._.p...9.!.P.J=!.Vz...:.v.m._[I...........s.H....kZ...c.k..N.J..h+...q0.:....BL......BG....OLJ..u........|..h..L....?..n.;]. ...B+..S....k_.}..c..H<..viN.k.A.d7.....'.].4.@....&...\.....".+...Y.x..X.K.Q[.....+p.6.i|4V..|...P}~...&.:..^..`d)@{..........RX3y6w..m...D..m..G.(.x?.a+.T..R
                                        C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999816437640044
                                        Encrypted:true
                                        SSDEEP:24576:s5XDwb5Uozzw2eGi8hNOAEYsq7oPG5zFC2wyA4nnnWRET:spgvzzw2eGPNaq7o2w74nnL
                                        MD5:D2C65E671FF431A8FAF6607E49064061
                                        SHA1:51EE353CD0BF323C8761BB322EBA2C27F119CE17
                                        SHA-256:3CDAA32CB95EC638F2115558D3A0CDAE1706F18F7204B4A198E14F70554ECFA7
                                        SHA-512:AD2BC4AB31F5B66DC77E2C3D5DEFDCC8AED0FC2750370BF024B9A639722B91DEDDE58232A03183B4F29965BD0FF43032044E7B7D0560F34529D4800A724E6127
                                        Malicious:true
                                        Preview: G..;"G.......\+..z.6.`.T.I...j.2.[.n...)....C.a...y....:.z.d.hR.>..e......a. I.[.5..%...Y....jb!.).)....K..<..F.`....c.Bo......M2.......Y..6C..Z.:<4....i....>vI..+......{u.s4d$.F... 0}.(..?..%..y..P...F......X.4....e..v..%..=.6.K.V....N...~.|?.L#..q..hF.h....B@.}./qgf..|.O..RW...I.....n..e-.Z{.Kq.>.}.qt...<.~L;..W.M.....u.....9.....c.8.....|.q.7.U.>:.....m\..A5wJ....+.Ukp..^.se}&..5..^.}...E.u.h..%.:.2...8...q..............Q.#..B........,.}D.5...... ..c.o.%..'.EmC&s..$.D.j[."................&..,=........<0....#. Dp.o..U...Q.v.G.9.........B..V...S.3..c.qIR.Hn.a.As.E7....5....s...&...eS.6.kf.F..~..;.O..`Z...;.....Q..q.|.L.LG.2............b?K...n8..p..01.L..f.H.p.}..@......n.u!y.....b.TJ$..ulI...y.%.=^ma...8N.C..;{.....u).=.....u..0ke.).P2w...d...I.P$.C$...!..Bz...t.g.._bV..,h...i............6J../oi..+K.n......bh}..^...B.........D.a-..!29.....L.CE|..*...&......S.......e...\..N;.i.n..N..jSG..CT.v.DND......4..E'o..a.....?LT....5.....~..g
                                        C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3371
                                        Entropy (8bit):7.936760376621156
                                        Encrypted:false
                                        SSDEEP:96:uUK3JDu5Pu8r3lRwrG3fTLlpIMW4IukUdxW+:uUK5DN+3lRwrG37pDW3ukiW+
                                        MD5:3C5E11028E874B9977E84C03A7717E54
                                        SHA1:581A09D536BB0E8067601FD669EAD6C683774894
                                        SHA-256:26A8F51E359C7AF86A5B2A812B7E4B201F8024C0DF8270626A6FF79621DC7CF4
                                        SHA-512:C93734D0EC223B22E07176798860410EEA1F594C5BB0BFDD658FB6847D2601966E13A65432C320638C1C7346683A33AFFF8A969A0CAE5435ADE9E3D3F118302C
                                        Malicious:false
                                        Preview: ..568v....;.vE./....{..l..<1j..cR..j.0..0X.=..F.>.K.r.....|L..$."..Hx..K..Th..P$0t...b...).V.5.<....v..a...<.}.?i).GZ:..M.2...M...XcF...j..N.....]........D..-.j.....e..C<........L.I...09.UK.0...`....Gp0.G. ...,.3......D..|....F..3.mc.8b...b.5.e.#.k..&...6&.O...U.}-P. ...ex#...VUu[...-(...8..Z'..^...#...K..!...........}..... .E%7Z......&..p.....snj..%8ZZ{..jk.......ct.|S....._C.....`...b...k.e..}.....8..G...D....I.9p..........@~.A...Q...j.O8Q.\.x..1n...'j...H..]?..K.._...7G.9.GO..'............$...........^.z.T.n<...F..'....A....p...wP&fb......Y.....)G.....r}.....m.N."K.Q.6.f..E'..,.G...M....X.Fsj...^.c..x..... .z}h.h#........".r$..1o.......l..5cY.w......i....l..H....M....lja.....V2...#....].......Gy..^.f....b...:@.I.zx....A..GvR{..*..()'d...........B.=(?...-p....F._..Iw....\..,8E...\..1Y.D.d....7......@.g{.....K(.*.....(.~,... &. .<.i.M?..Qi.T{..Q..k|iw..9.VJ4.Q....FC.e..J.U...D.Q9..>AX.r..`*.r.;3?x,l{....L/d.$.kK....jw.0....3.....UQ..
                                        C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4404
                                        Entropy (8bit):7.948757224417258
                                        Encrypted:false
                                        SSDEEP:96:uus3ERnNkN5bS1FlTRPqb7yzS/9bCO/QdnC+OEp2GrN0LV:uusKneNyLRPqb7GSUwQduEpNp0Z
                                        MD5:51E99B7A1A51C4545C71A62D1A138519
                                        SHA1:FACCD1863A1B9F8CB2AD65D58C66AC3293284003
                                        SHA-256:8A804ECBC41FAB78652688944CD95A5ED649A7A0DF7C5B864E1749E1863468DA
                                        SHA-512:CD49C2A8DF57EA9C8BD155D4B4581A5F00FEF7D2B1CC3B50F3EA874315FB3E55231A24545BBD08F1FA62684439A45E65FFB840023CAAE99A8C1B8C255C9E0FF6
                                        Malicious:false
                                        Preview: ...LU.$.X....".....4.....'.x..Q...J.n5....q..~.......9N...R5..z*..O.2j.f*..r...e@.j3..1c..o.......0..g;........s.lv..nek .[..6m^..C?....[8..b2.I...7.P...#...F7#.m..].D.O........Ai?...........G4...,.L.#.D&..j..9O....<.W+;.[.%.T...9......!q...`..a...C.J.~c...8.7....[:Z...E.E.?..9.;...3....)l.mg...N.j!..C`E..1..E.C ...lC"R.7}#.......]...5VF*.W..d...9Y`.<.f...~~lN.]N.>..P..B.8....x..K:...F.....3 ....)........p.......4....'Q...w`....io.hF..........p...'...d{.....D...A@...(.[....$.)..r.E.............$.........R......&.i.3jd3eN..P(.z...K........}.TY........iP7A.....S...*g......E.o.....[...nh..[4..v3.9o....=r... #A<..=.^96.g....x.............r.yG6$V...4B......;.RS.?.GB'.......Rg.k....q.=.2....az.T|!.2...)A..}...d.E......pu..~SYx...j....n...R.\..D......\SU.K..%.p$3....k]......M...%+.|p..s..X&..g..+....k.......D....Z...^...pC......1..;.3...m.Y...V..".8..'..l.0.Vd........v|:)..K.?.......&....G.#p.Ra....@..q=.r......j..h?.......?.T.L. ..Rh.....
                                        C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3306
                                        Entropy (8bit):7.936683360167118
                                        Encrypted:false
                                        SSDEEP:96:OZjvC+bCDcT60G0jlgUTSRYnjPT8GiFPzC:Otv5CwW01lg2SR038Pu
                                        MD5:3EFB7328308BEEEAB78D8DD9B922D6EE
                                        SHA1:17AE11CEEE2E19088A31723ECD4B8ACE40AA7754
                                        SHA-256:CE4FFA63E506DDEFE1914490C46A12F195EFA33CC8B34C6220BC4E993EE3D180
                                        SHA-512:1ADD14E574DDDD75C76737B7AF1EA7282FE35EF2EADA4FD93DF14B91CA3A05A178DBE44A45A315CABECD2F6920D288AAF2327B112495BA7B134AC5F16DA538AC
                                        Malicious:false
                                        Preview: E.j....2..9K.49O...S...L...h a.?...l..3J..]yS.r...Z..K.8.=[o..B..6.o5.?.b....&'k..7e+.,4.I.iIY...k..'a._.....P.z..V....a.pu...H.'...O>hbt..~wq.....@.......a.^.w...}......M(...<8.1..V....q...S..c...#2o.1.5N..RZ..\...o...:W..h.r?.V..oma^...c.^..H...\...S......A....Kk...f.............4...^~.#.I!.Km./rc..........e*..z...I.........}.^Q..p....>e..P.c.7...~..X,..<......r&-X.....Y.R..E...w..$.p..3..}S..%..yn.........,9.^]..;.r..w.-..K7..E...$..7..^Rs5...I.X..B.......]..v.C.^.!*v!.....J.Z............$.........<y.B.fj...o..D.......4.'Az.n..Y..*c.J.....T...._\..EG.....W8...U.3#.yf.!ntS....>A.).#I.2l..a"_...%...iL.....9!...}..`.fO&^..7...<..E..Z..i..,A.iB....,...!..W.4.t.L.yD.....~....&.....:.K.6.-q'1.4m.K......y..j.0.`..I..u-v.........6y...2...t)....L.T....EP0...Y..)..9....A#....h......Iz..w....bIj.......c..,e..-...qa.].@Y.y.t...Hiz."o\Rq=3...>.K.O.!..g.....*.).......w..ds........9cL.n.P0....?b....X.%.2.e.O.9{=......F..X6..*.....a..X\._Q.v<Myxdu.
                                        C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\WordLR.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5040384
                                        Entropy (8bit):7.999967761229762
                                        Encrypted:true
                                        SSDEEP:98304:duDvM5nsz3gcoixjc1WKQQUvijajCadeXxlEnmu+dT2JNDZx6a8WD7pcJ0qDD:oDv8sz3gX1WAyijaj5qvEnm9T+DZxddy
                                        MD5:2A2299CCFBFFD83F93BD352AD860B1F9
                                        SHA1:AD7B31FCAD933C0A923654DCD2B6A7EB37B51D5A
                                        SHA-256:6F8C7305795713340B2B1F4947898CA31E89AA66189B202D0F04EA05D1297737
                                        SHA-512:7F4C2EDCF557C7A81F82557FCA252A72879DC35163DB6DC9D88EBEDBD6329E47D496967F562176FCE4A114FBD9A8AC8F1CD697D0B9672050BFA91A874B52E1B8
                                        Malicious:true
                                        Preview: ).......uP....B.%'.F.9.m.F...K-Mx..V....../..G-Z..b...................~.l.%uU....Cj...>0..........."Imh..~x"O.E'.K4.....O.l..`.]....B.#49F.y.#;........o..1.Co.#,..3Fjw..\YZ.........^AEQ8..}..~.......l...T..D..W._.7.v.......=..8..`@rQ.I.b...$..t. ......kI[.J..s...)..j.k.C..M...:`..UH8...O......:].b..b..a......bi..O......k......VI<.Q.k{.>.74/1#....XlE....c.?..5.u...n.`6&2iH....x.pQ`-.......4.<.....wT..(....jA......X.W.aO3....^.U.Bd.e{.XHaG9.d&.L*[].iMgE.%..kU...x^...vgR'....}.j9.....w..@............%2.........=.(./....2.vo.~.j0...(D....R..P0.G..z.........v..4M.W8....j$~..........y.9.R..=.@.O2. ..Q..|.g........*OV...b.......}.." @2Y.-.C...v.3.....S.r.d#=.I.."b....)..:..LC...`R,..Z.J..sp.9.B|.0o .!g.1.A..2..1..8.z..s.i_..j...6..SD...'E.k..E..w+...e.99gc.R}\....s...\...2..J...7&?...p..-.l.k....3.....*-o.5$.0d.Z..)..7..{.........5.,..'vK.......@..j.;..W....cT;..9p......7..w..z...[...K...:VSR.1.Fm.C.?.=..9@.H.^9v.F<.RzH..y.nO.&.KeE.d..!
                                        C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\WordMUI.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2642
                                        Entropy (8bit):7.920236963876818
                                        Encrypted:false
                                        SSDEEP:48:r8Uqxv1RCoXox6I0u5vmbcBfNa/D6N7cOKpfUXfIsGiqT08GYqKfCei5g:bqxv1ZoIIhwIBfNa/D6Nc3ufbGiqT0An
                                        MD5:59751BDECFCF345336BA8648EF757036
                                        SHA1:976F04D91781230BD6CC34F6F3E47C994185E042
                                        SHA-256:0B1E1CF1E37288B74483C1A3F279466C7D0ED3B83DDCD29BEC9AD6B08C4CB1FA
                                        SHA-512:0C864D27E2F31A37A1768CA8BFF51153CE7801BC5B644B175FCFE5DB828DFAA4FDA05E1FEC22080D188A5EC8FE6CA4EBCB35F9959C1CE6E2610686BB0A161CCB
                                        Malicious:false
                                        Preview: ..a..<$.^.>..`.w.9bp.[..T..q.h...0K..,..;.09...&.$..S_]..........G..UF.pv.@..*.1...D;..._..q^1S.W....{....K...|+`~..Q...,...*'.V@^.C%....;.h..^.[.y_.&.<`...C5.k5.....'O#...3...N71.....Q..6([.er.. t.8.M.c.LH...YH...3H0....I...8.......~!.M|..K...~c..S.0.W.I..r.8CW`.t.-..2...V.4xjw._...)d.D..(.@!.PY.m.|GNY..zd...........+..._6.....V[.s^=...L.B@"..s"..1.....I.r..z...]..$E..%.|R^.9.R...pa..{..1.T.g.X.c#..kI...^....LvF..eVk.i.!.!t.....3|.2~"L..Q.....i.\.8..q.4A... .l.;........6......c.FW.X.A.=............$.<.........}...u.....yg...8'....}..V_..:P...;..+p:k..` z1....M..,.....-.B*tn.T.A..l.e..R..X`?.........%8z.a........Ir..i...4.~...U.S5nk.K......cp;..a.k..$2..;5.d............F.aTS.."Gw(..wsI.....c}n..3...Y`&..%u....z..1....^....~..ap..d.1..I..c=....B.....culyUqHvs.HX.W.|V..!s.c...N...v...&.......2....CH...1..."WV$.&.!....x.{.*t.P.xI.P.MJ..:'D.2Cbp2...g.......#i<X<..{../b.2.....'.2Ri l......ph..1.,\,...9.....NL'4....'...h..........B...'...{.'.$zq....
                                        C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5829534
                                        Entropy (8bit):7.999969774011223
                                        Encrypted:true
                                        SSDEEP:98304:lIBXCTayeSWrJS7h/mQkY9Zr6xUD6vAKPmQsI6QCadqPcV8humnF+vNWZ9twnqaa:AyNKt8WvAKeQsI6XcVVty9qnXq
                                        MD5:4AACB0826A768F3817A18AF768DC27AC
                                        SHA1:47D0EF351576EF849117DB35FCBE88CAF786E80D
                                        SHA-256:E1BD88679DD10ADDCA9CC0F3502A36B062D107D81A12BAC39FA88C39B97A7100
                                        SHA-512:3CE5E44D26B15AB40BADD2ED6AB967C34B429D3EFB3A7E050D091BFE0484B02D601495672385C821578AE9204071454D3F2CC893F5815148C31C166701F5A4F4
                                        Malicious:true
                                        Preview: ...X...............U...]..../=/......i....Z...v=..+.....NT.CY....@.)pw..X.....4k~f<...9d......o..?.y...X...;VD..HrZ.e....8..Q.....`.W.....h.N.38..!.u.,K...".]..M....;...Xu......4..P..c~.1....eM.[rv..9@..6.).s..../..Y..;.EE..T.K.....U.H./Z.:._+.;..a.=.|2..........x1O..B....>...../_`Y........f..>..}...i-+Uv.HK..m..a&..B;k.>._E.T.%.9.?5.cJ.....F...*R....W>f.K~.....P....uwm.....U...5>|5x.-.a..2{.>(9.PMB__(...T....d..xmy(.G..Y...s.PI(~Ba..]..'#..6..v...z(...?......?I..m.YU6M.v...8.............%2?........F..?..9.A..gs...c^c...>.gn...#Q........C G..m9v..~o..~;...u#@DFO.uL..k.0..W.'2e'..D..L.Y....G.ey9d..e_N[.\FV1...a....;.l~;.k..7....mL.g.......v.n....g....-C..........BQ9..9....hOG..K.A..v......B...I.i.Z....;.S..5H..*JL.f........=.]c....U.q..../d.+.j....u....T*.2...T.....g.Z..1.w....sh.G....).g...\...@H.....|u..6.T.8v....j..-..a..M.3....._=}Hy6.s....n..:A..9.8....!.._....T..X......+.h.I..Z0.. .#....g.>....e.-_...(\.*..-._%.s.~.4R....y2..
                                        C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2089
                                        Entropy (8bit):7.907856163969941
                                        Encrypted:false
                                        SSDEEP:48:Mf85dN0g6np51yZISJR4vdIX0gcaIN002D/yesPsRj0JniT+BtUOgg0Hak:v5dN0g6npfyZFmdmBnqHspoWKxgg0T
                                        MD5:6CB0DC1D718275DAC4BEE4187933A780
                                        SHA1:00783BE62A667BB8C407194E3DF21DD7FB974E2E
                                        SHA-256:B5E61DA2BED5D1F3EF25E1ABACA52F71750E7B93B0F45C79D86222C93552AEBE
                                        SHA-512:0ADCF20663157FC8C2B7332BDF378AF5C963D0D8795BBF736ADBAA790036DF48B9CD19DE0BA0B32A16244CC2318C5785C2F91699FE3F7D30B5CB257967232B24
                                        Malicious:false
                                        Preview: lv)h.....[u..B...he;{p. [..%.^.}.....!Z..M..@.....G..7..BR...w.S.^..........w....S._.q...F w..{[.R6. b~...y....>..R.rQ..mB."m.cc.....%]y..!...._...Z..U4K......-...]...H.^J.......*.k.~..[\.U..D...Q...^.y>. .X..N....9.T..i|0..y.h.Ale...D.2\..06..0...U....]....ns.ej.9.1....z.f...C...I.v../.-.u....0.<.v.....-ti........}.c[..*V^d.k...&R>..z18.........J./....Z...X..Q)...u.9...9..K...p.M0...N...BW+"t.....y..Z *vp.s+....4./....*.GH[....l..g..7...d..R...;?O.h..&..Y+.....X&.;...H..-D.....=...............$..........H+G.o..^2b.]....)f.o.e.P.?.[.........n.-......7...}....=.....[e;bWe...x.....J......d.r`.Qg.U....6..jrS./!#.d0.e&...2s....j...?J.Jf..J...%@k.p..C.../.#..4....a.7...w.Db./Bm.]...)!..fC.U..0S.t..j...../..4]...@..!..?..\#lB..!`z|&......u....-m...c.]rdL...}l..Q..s..7ay......-5.r..b..-...X.qe8......[..U...2r.C..:.Ux..1{..@.pw.p.3Zds.......8.{..:F.:.D..Z%?.Ew..F..!...K6..5...pQ@a...?.`C....|T....C...Pfg..$..GJm.={t..3^.}...p@..fV...u.L....OA.......P.
                                        C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.en\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1391474
                                        Entropy (8bit):7.99985997732856
                                        Encrypted:true
                                        SSDEEP:24576:KJ4jw1KfOQjhRRBqwadCNEqDwBHmhRkysKpRJ1vY6kulW+kcwJ:KJ4jw1/wnq74bpkysKPJ1AGs+8J
                                        MD5:810565424CCB6D6716A2B4EFC5E99514
                                        SHA1:7F4BC5C6DCF2C3B3B8FBB60F838D8AD03EBE32B3
                                        SHA-256:79FDD43D587C9D0913B32645D70433C9404792E447BED8AD398EC5F2A64AB501
                                        SHA-512:1FC561303A682153BA8A58EC14697479E747E1BD58E87602D145721C2E3A31613047A1221A9DC600D2AB46912940E2AEAC3EC5FD0102C726E920E578240FF5F7
                                        Malicious:true
                                        Preview: D.:\sY{^;s+.K...*..1v3..wY7,..f..$....1.J(N....6..T....Fy.P Kkjm....}.8A..1W...g.t`.."^...7....Y.z..+...}.....g...V*..\f....O].F?u.x....YZ....^>.?.@.....`MD....|..P..X....pm...8.b`.......-....MZ. n.7i....(..\.9....,..N.r9..Q.1.....}..ze......W.N...z..As...#.3.../.0.I..Vi..9.....G["...M..4.u2..p..b.p...(9^>...g...c#B..k.3..*....Pax..AZ...|..*C.k.8A...c.dO&o.......tl.j..+.t.Gs.8.........ed4.X..oN..=......K....OS.0&....A...aK.f.....VY.Kj)v....!..A.-.h....>0.~..h......R.38...............%2.=..........\.7.B....fQ../~..h....B...S8g.*[.~.J3]}gk../(E....o.e...9z~+.:).l.g..e.j...H...w..u.Wf..E .\....l.......2O*..lVT.a..V..%..Lb....z....]v.U.]nL.|m.D:,...T#W3<.z.n...:.st.r.4..H'.6.w.B...3..5y.:Z..F.Zk.I..Q...@.-.D.F.v....Z.i.^.t..qt..t........9s....N...C..5$..w.....i.3..O.+.6..5.T......7.@....XO.K..._...<.......$...<......k..iZ.6....v.........bD?$2...J..U.....T.a..w....t..6nB.%.P.....<......#K...g...!t.r....S...@>.#.H.....A..;.Lp....3......1.3Z..R
                                        C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.es\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proofing.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1558
                                        Entropy (8bit):7.875408990449214
                                        Encrypted:false
                                        SSDEEP:24:+HEzfIIgMUQj+z3ODDS+yGEUA/IwwuzVEMvBsf9giob/k4Dw0WfSCMEZm1N:7dZX+arTE/KuzdBWE/k4efNDm1N
                                        MD5:2499808052B4DF6EB8B20F06D8537362
                                        SHA1:12886DE3D7FD3168AF4A9E7946F5FCA988D86C7F
                                        SHA-256:A0388153C9D0B905DD41A3F13D390A4FBCAC431EBE44FAEE853FEE4BE92ED8D7
                                        SHA-512:172F1D3888079973A744F8C3D4AC614F811462327D5F8EB5A196C374BE4D3663A50FC068754D30FE74DC6857F0B6178524CB55D94E76CDF2379AA2E56C063148
                                        Malicious:false
                                        Preview: t.....gw...'.93V'..._f..$Z.D....._.].)+Y..B9@.w.rX.g.M.>.8.|...+l...S....Q...m..Y..J.D.dm.......w...g...0..*...H?.}j~.q..F.M(mK.8..X.[0.L.'h...Xu...xl.j...a.o...MEu#./...Ul.TTi..J.M.(....{J.4...s^y..&a..@.w...'}Rg..$~,...j...)..*...4V...A92..?3a..8.b..;....._m....1."....5.w....D...v...xG.......5...... ...t.b..usg.q!?...y......7...a....../.:...IQ.0..._....4q=....< ..[9o.X.........yx..^.~..g{.6...w;a..]....ED.p6D.#.....4._# .S.OZ-?..U ....V.......2]....[cH.ev."w.hDM.BnU.............$.............<...U.a~..d.......M..|l..*<...!..._.?.g._)9....].....u.q%K....-.\.ne..U..qs.g.....I....n..9..X..y..6S...*b....bj.$U.5.D./.`.J..i._.......x[.:...u.}..J..Gu .PD..eR....g.Cc.t....>,.r..}...z....A<b....U51....N...D.3G3h.N...../.5.>....P.j.IMu}.....3k....h.....W..2........_....@.c.W/vTUI.T.$.:&.>.h9.m...4.......=.......lhx.9....,...Q.e?.?.m.?).y..^.O,;~...._^`..6..]...Q1...M..P..$.va........)..|..[..%K.].......nV.8..;.@u..[.9|..D.g.U>7.....|..W1..R
                                        C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):6601
                                        Entropy (8bit):7.970363353616355
                                        Encrypted:false
                                        SSDEEP:192:ZavNKRhiUCcWQmXpmQ8KN7pYH9Dasf58Jp:ZnRh1WQmfN7pYasxY
                                        MD5:F7D91EDE009D8BD5C2CFD733ED25E958
                                        SHA1:FB0760954A3E5C8B9D2DFCFE82B1BEF438AAA944
                                        SHA-256:A961F2C246298E160656C51CCA211C5D8402B6472C6F176E42353972D68C3C75
                                        SHA-512:3AE3F3089A3CE9A0F75A0C93749E38D05449C2EF4282BAB8C2D54C2E6E43C5FFE1198DA45AB46316D9DE0FE93514452C9463D29DB5AFF7A06C82CB650A309FD1
                                        Malicious:false
                                        Preview: .. .77....dM.q...3.<l=G.NI\....M...z.^..^d..c.Y<K...J...d.....[t<V.I..bx.........e.0.#....G.@J..S.@...sv.l.yK.-. i...R..]....j0.J...8.Kl..q.U...5....N...!b...R.....~.-.y..q.U..H..V.v.r.Q......d..._B-.u.....#..p.9f.+}.R..#......q..T..u...Zc.,. ..\.{."g......M..! ..<E.T....z...Ca.!.f`./...H.......,.....?[/i....|.G}y.OF.p....T...Q......<k.y..` .S........Q...5T............%.....`.\'.....b.M../.n......=....k.ba...[.....r..). 2A.G#.l-...nHa+...B$.`tq.h.8?......9A.p)~.....FX.$.....Pp............$.........f..`..B..|.]...d...A.+.-r."..%P.....0s.L......<(.K.....b..1|.i....S._S...,.([.._^.. ...aF[.i..0.9.p....iV.........I.w.T.9C.y5j.......`..f+.xM/...n.......*..c .<|.:X...[g..eT......S..V$..+.e..2.[.KP.....(|...M(=q...0.a..+..%~...D^..u\Z.......H..B...4<.Kk..P...}.(..5..&.x.M.r.{n..7.....QCO.0..{>.4.......}Z...1..|.A..bA^G...c4O7<.`.?.....l.....1.+8w....O...R.MGc2.(.....@..O.z5..t..ot+.\.._....{.c>YX..}nr.8q2.:3..&..."...V.....a.....X.~.9
                                        C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:SCO compress -H (LZH) data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.99981624156497
                                        Encrypted:true
                                        SSDEEP:24576:AJJpP6dAZZgnnegVqroycjqenYCub8d4w0XO/S1GDHRmf4:Ad1ZZgnegkroycVYLW4wEpGTMf4
                                        MD5:D61EEE69B2E1EF315CCB442BCA0CDBB0
                                        SHA1:53D997BE43FE0938D9A044926EB604D6114CE7A3
                                        SHA-256:A5AD979B011FE719B69952C14A65E375A779C90E384E4B009FAE027682664D93
                                        SHA-512:A11E71E2E3D34AF9A0CAE3CA5FD3B0959B381085D8185C50C34E49E063AEBB8DF3CEB29C62B0170E86C00A255717358A49D493293C77A7F5D9CE58D6EF221B39
                                        Malicious:true
                                        Preview: ......|s.........SdS.d-@..*xH.(fE...#.G...o...LP.H.9V......`JN.D..j.Z.X.I.......n...,.}....]M.~W(.u@...U.B...D.L..!..=m.B.B...P...YH.m..<.[.(U...B..@..|&....*..zR3..Bz`.*.zP... PK....)...<&.P..a@..(F.G..........EC...j..D..b/.f...s.....q.+..y...._.T6....M-..2.h..W:,..9....+...C..=..s.._.;*)._jI.Lx.....y.NN....9...h-W.>.\@...i..-....uiKY...49dm2..-.....d.<.......<.......1..[...E..~.L.Y;.......E%..-$....;p..a..z.g....`.......T.S..a.I...u..w\.......i:..]..T......JegE.\[.l.U..8..`?.@.............&..;.......J*.%g...s}...2bLmZM...8..W.gT......J....t.:O(....$ex..n.W......s......y.G..v........! 24|.D.9C.5H...l./.o/..w.4..p0...z...K...60...Q.G.q[..0...s_...P.c.......IV..Y...9qI..k1.G.2... ;U.a.j.O.....;.c.q.?..2._..&.../i.nB...C..L....$w.+A.y......Fb3v.....F.%.V>h....G..$.)`.....0...C...P...9....}....G~..Nw..=.O@.j1TR....a\...q.}..$..N.........Ar%...G.f...=.....r..c.{$...;.@7..9^M8t!E....T&...B........_x...m..;'.W(l...,N...t6c..{...G{o.r.N...Z....?...d..
                                        C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1764
                                        Entropy (8bit):7.8727071820952
                                        Encrypted:false
                                        SSDEEP:48:zLBMvXY4ECwCpFd4EKVItrTdlBKjEDfskRUZRi43:mQ4ECbpFdLtZlnspz
                                        MD5:BC75F9A71746C852289AEECF9AACA031
                                        SHA1:2C0B7C49BBC9718DD01004C7128D495DC823E37F
                                        SHA-256:9454C4FE04BBB76C873A817EA1D43BF9C9EDEA2E7739C734B72C6E9F6838D5B7
                                        SHA-512:A4A6DB1E6DC9D0B2532BFE17A78D0EF607F78CC70B1914EF6B4D1C3540365B3AD732ABE82E2AFDEFE31A49D0932275F25E8B2B9C315BAC6121C84C32B0E67487
                                        Malicious:false
                                        Preview: P..%.x.=.N.q.#..c?...lp.+MS.a....=.A:t....._....#.].[..5.vv..\._SQ$I.-/-.c...(..p.M.}3.M9..S..2.6..}...wl.{QY.4.8..^;.J. e...Y,.M...I....1</GC\....fq..$...3...k.{.0.l.}.."....Wm../....{.,.U.Z,..I.......X..%2-/.SM...u...p=h.$..N+...pj.)4.4K.}....[.A.F....V..jZhSV.=|k.+I.:......(....!.e2..5.>..1N.}nn>..3...{.`-M..k._H.....".NQ......K....MB,.W...we."#.D..().S...1.{...X...2..e..&....3..."..G.*....b|._.7......bS.ngrg......=.......)..!.p..[J.3....Ab.....`.v.G.E..QM..N.\K.h/P...G...W.'.A..x.=............$..........H..........b.$N.6.@.".s..=......X.w{...{..1U...[,o.u..|.5....D7W.R.`)h&..uv'.+"..vx.K.W3K...e.0.,..0./..q.>]_L.`...C.....@oM....\.~s.....h~....{.E..s>qp.........OQ*.....~.;n.....6T.M.xAf.....XQC......;..V......k..(H.....kEZY....-<j..<.{...Nrx...B..8...`S...PD..........N~....Wy...H*:K]..!d...Dn.4.L..........vm.k.s...J.N.~...;..EC;Z1..qG;7X7E^e=`#..~...L....1Q.A.<g............sQ.....?..t...........X5.....e.Z.....%.|...'...X...}..L.
                                        C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2329
                                        Entropy (8bit):7.904316591808403
                                        Encrypted:false
                                        SSDEEP:48:DiH7EAzbOB7lC6N4g0vg1m67YeUWN+D+t5BwciuFqvNH:IEAzqB7gcYUYitnxNFcH
                                        MD5:6ECAFA78733A71B8EDD60D4C468C922E
                                        SHA1:308940645626A587236C67DCD853F35C07340021
                                        SHA-256:6B534D4FA62BA79FB7EBE8E2BB6F1F48F0FF69F3EA361D4A2F430D4DE021162E
                                        SHA-512:137ED2F6C7599E27F912672A22B5BFF30160D288C7A3EBE1B3B1A1F60C2EE638BC2A8CB2F7FF8D76AF9DAC605E547EB2A69E5536B489D13C63EF9C11ABD05BF8
                                        Malicious:false
                                        Preview: .>k/c..~....Bp^&..L5...7.).QS.....u....t..b.>. .@....L.F|..............[.6 ..\6.....jB.Hf{....y....1"F...Mn,..G-V..?...._.]1..u%......h.l.'.3V...\87~..k.f[A..,M+7..u~w..y..."gh....y..Q.s...)..).$.-.8].g.....9./,....q.w...".RmN..[/.t.W...G.k.PE#n.P....nd.......6..S.eZ.`#A-.I..Z.........1..K'.}..V..f..^....)."V..s._./...I..j....,.Q[.:c...p.s...:.r.pqmF..7..m.V....."...B..-qI.e/PE..Q..E..smR*.S.<d?...5.Y.....^...t7...R.1<.....U.l.'......}..9....6..T.eZQ..If.......*.I.cu.q.cG............$..........N........2.....g._8`1.ei...}....E.......E..b..].. ..k.WU.. .dj......h6..>..<.K..)7....6..)......\l.[..N...y.w...|.....L..&..$0Qor%. ..#..*Z.x.k."...t..!.*......i.<n.?l7..E...!...e...~.....C....oB..XNB.....H-./.E=......F.<.v..?...b..pu..C..+B..n.\...D>.eR.....@{t.Ld..'.&.na.Q.{>..#.y.Lj..._..wW..F*6.HI...^:k[(r.s. ....gx.._..6t...&.z.<X.......L`.F..4...........[........<....Y..QR.c....NP.Z....+3...{..f.B...o.....}jG......7.....".......I.o
                                        C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\DCFMUI.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):642124
                                        Entropy (8bit):7.999708481444967
                                        Encrypted:true
                                        SSDEEP:12288:hlCbW6CssDsTlrkwmCI/EqG+6DZty6fYFERzv2ZKgjIpEMWl:qbJsMxn+GrzfYqRKLIp8
                                        MD5:66531F69A79B04992E30344C9FE43446
                                        SHA1:2035E1ECAFC419A40AFCBB77CAA003C92BDBBF19
                                        SHA-256:4129E61C11430C191083DD2A70A37385F430739675B892799A3B03DA87F9357B
                                        SHA-512:2C8CF1B6E1695C210F102A49DFED2E37027111B4D38353A19DDD7FB97D7C08206871B255811004B9523C6928345645B7A4973C5A5AE9725AFA3C791F8597ECB6
                                        Malicious:true
                                        Preview: ....gd_.^.."...L...!.w.]D ..,..!^..ev....D.K..&.].......".p......#.x...+v...._..."S.-....&..."..:.0..u.I....+.l*.\....b.w_....?.V..."~...W1...w.4....^. .!...8;.w.O.....,.........B.s|.9.g...;...Q.B...$.rq.[.g.O..p..W.^........M(...._<,..=%.i_.>..,.n...+.q.............o[M.G.@.....sl...|XI...B...!U....}l?$....3.W.P?...U..>w.j..Hsxd.._P@pN.R....~...BO......'~..j&.Xe..+...D...Tqw..yvx.X.%O....<-.6.....=!Q+.Io.............E.....w.4.X..1pA4Z...i.......u@.......q.F.....s.7..W.4.9..n.D.!...i*.............$.6.........A\..|.m.*&x=W...15..{.KD..r~....t.......t.<.qa..$=..5<_g...6..XOPW.B....................`...v...G......a5.k.R.R..Y.iy: .lY...u.....U.b..W....|.1...c...R.7...0....l...K.R..iQ0u..<...p....@.|v.{.t{..<.8...N.)p. .bl..V..E...0........8@.b.W7'6~;.q...|..DM..f...n..]+......5....n..m^..i..6q.?`.[*...=..'...=.L.`g......\.Y....kW...I.R.X.~f..U.f.y$/..&.06..............O...l6....c......T...|K^..<33Bk.!V.hPD..i.....7......oh.N.0...:)......~7&.<...
                                        C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\DCFMUI.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1749
                                        Entropy (8bit):7.865103357990615
                                        Encrypted:false
                                        SSDEEP:48:VkD0B8J1zFAowN87mT45+NtitvnByoZcaSN:VkYBGFcNUmT45+svnByycaSN
                                        MD5:1BB7DF09EAD3110A41E8D62766E7B760
                                        SHA1:2A262E66BA1AD27AEB829480F37258E450EB8EDE
                                        SHA-256:541693A1E551E1254B0958256DBBDF0ACAEF02F8C60D476A37845E9754C4D96B
                                        SHA-512:04F7455958341F4718560912C26D8127267017DDD752D5D81BFFADC631BA3DE98542E8EFA085A3EC956B06DAA0D93D63B1C7E07FC165A0A2E45D65045C99449E
                                        Malicious:false
                                        Preview: .j...".D..Ot...#%/ ..w... ......,..].p.......7."..VQ...7.=$y'z....+..(..Z.7V..qa0.M&.....M.u.t..q......\..e{..t...........,...^d.?@............t).z....5..Kq........\}.Q`.... ..d.n..a.......L.S........_ui...]+.\..ua........N&Li..M9...U}..z..t.,..[...}p..,.".x...i..<e-....e.f.E..!p..z...H.q!z7..o...i....<...]XY.b.%s?Sh65&..p...........|!.zz..}....3..d,........wB..<.l?i.G.)...[0.km.`S..E...?.....c..q.'....W...G....{.....$gY7~......o..\-.fk..?..-...2N....6....Z.9eP..n....h]...C)...*m.w.[N............$..................lz.x.[.i.4x-..l....D...i.JUmS.(.1f84.....E.X.X.......d..W.8..]#<i..Xc..........t.9...C:R.M..q...D.c...G....1..f~.....p.Ak.;\..sFLP.....y..F..6.!7.q....B.e.;.....C..p@{{.....\..fS.....K..^.Jo.......1o]u..x:K~......Qd.ME3...q3-0.}...#..`..?.N.[v..m.n.?l.....F+..S+.I9.w......./h.<.m."..F..1.f.0l..h..NH..qp3...?....DZ......"S[..=....i.RU.{.&q......4..@.x?....6q.......Eh.rtw..gCw.4.U.~.b..D.E8h.u?..D..wm.z:._.....'..."..Y...ZX......Xc./.
                                        C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2342
                                        Entropy (8bit):7.910122838128882
                                        Encrypted:false
                                        SSDEEP:48:EAj1FgfGzq5pChiW3LAvWV69Cq/IHRknwOWYI51CfMC79omQt+kiAPGzf:X5uOW5iiGYwJHinw9YIOfUhJbOzf
                                        MD5:C814EF194459B3B3E3FFBDE392ABAA13
                                        SHA1:82F17C8A2151CCED371BE411B1BA6AD62EC54FF2
                                        SHA-256:F3D1DD59070578C983BFC8B7C7F7ED6B52790E2DD7D38BBE26B709D1B8581230
                                        SHA-512:B3DC0AD8F22C07B2BC648D977D7BC5E6037B21D5DA300D794CB7C51A68E0C43D5757ECB996A9110999422C47E0CAD91D9806AF03DF48803E8C92A8FBEFC0B9C3
                                        Malicious:false
                                        Preview: ?....y..# S.%...h...=.h.U..._|...R.Q...>.r.(.C.[.d..O..1./.0P....CW|.c.q|k9.L..b.0...g..O$..X...w.M...y....l...d...7&v}.|..v.xZcR..l..v.{0.#..{..?&~0.b..K....H..<....x.....^..+..TS...C..3.i.j.>..S.E.!...?kU.mEw...'...h..a~......."B....~e.DE...........[......%S....=.n.-..n.-L.).....c-E!. [.OT3....`.b.....-.SX.H.+. ......j.....?.....lT]z*...j...h.~.r.."x......2.D.&w6....1...e.......>6:)..(..R...e..j..+..dv..#..v...{..M='".`....B...g/p.$CB...#...%Hx.(f....#.f...g..d.f..x.......rG....z.`*..Q............$.........R.q1@5....j.8.D.3.r>.......Id.Z.M..8p.y._.( ?y..T.@.j4..O....3.@.;S9......$..iw.............J..<^..(1/...1.P{....q...:.ex.]...: ....G.V.-..8|z..Z.....+.C...\..L...Y.)._.?....&.0..x........(o..V....0I.a...~9.rL.3..n..........'.&...?#T...<.._f6J}..?.)....{......n.Q..d.E?!N.pI....p{7~...#4._.../...,...o.Q....o..n...X!..a.lRhj..#cu....;..93..x.'9.x..9.....].x...!.M%.g.#....%qc..y...<.... ...J.O...N=./...q...o.w.>..[N.!g...~.m....t.D..Q9XY.6.V.q.
                                        C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2351
                                        Entropy (8bit):7.909606165831783
                                        Encrypted:false
                                        SSDEEP:48:DVgVEQ8AtO3P3+JuFT7AZJ9fHpaQri2+YJrA01+ZywApDVq:D6+Sq+J/Zn1eJYJ74qI
                                        MD5:7D309A218B97E1492273871D7BE1322C
                                        SHA1:684FBDAA398E51B79862D839A84FBDF6DBC9481B
                                        SHA-256:45A58BD6BB825F37FE3C132135668088DE327363906BF6EC324E3BDBB8B59D35
                                        SHA-512:DC61024933757A4720FAF68AE06A3EFAAB511E0CD250F2AED51FFBB2F2856253E6321B6E73404779E1ED338B5487C4FBD359491691937AE56185CBBEC0577FE0
                                        Malicious:false
                                        Preview: ..F............Y....C.L..P..._.].3%Q3..z.5x/zY$...FQW..9?..p*....=N..;........zLi*.....K.U.8i<i..q...q...d...n".... .v...v. ...,..*.i....8...j.=..%.y_..$i..@+....@.....n.....:X.a.~....(1....maI.............Q..v.$..r..i.s. .y..O.....8.....q./..)A.=.wLzF+......4.c...o..._..m.)..-...!eU..%,......./.3......t.]_..+lC..\....W.R..o..gCba......c.~.?.hz..5.A...cG.3.b..M467.P....,....vB4=............O.8G...N.."..)wD.n13ck....da...|.....d..dG]...h4r...U...OZ...c#..B..,yU.h.Q2;...Js.Y6..F................$.........t./,.R....A.....q....$-....?r..1^..!. .=wwR...L..e.%v..y{..-.H.7......1...>......%.....n..1...4.{<.O-V2...._.z|.....'9J....{...I.._'..W..C.....C.1y.A.B...r..u......K.....q(.52....n....w_.k....#.,;...D....nf.mgi.m.I.W.t..b..O`X....99}p......9`+n.....:H..QEK......1].....iD...#.*...Wp..Kc....s......Nq.$+..We..q.>......&.'s=Mo........a.q.......T..n....n....t....^...y..?.c........'....x_Y..C7.%.u.q^5d...M8#:....dSkn...:........O.'.%Z.g.AY..........
                                        C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):6677884
                                        Entropy (8bit):7.99997568571897
                                        Encrypted:true
                                        SSDEEP:98304:QAjPeXnYCwRhJTqoNUijk54rOcjnCqBaipSAf69II4/Z+opAML23r5r7HjzbaABZ:QX9wRhJTF7Q4rEqoi0/K+WLi7H3blBbd
                                        MD5:935965F606A027DAF8B31B319F2D9202
                                        SHA1:EBE6EDD1D68280766D3B0F9A271F91CC36325492
                                        SHA-256:7660558DF2279D6A8891CB5B124CB4A943C818F289320DF3C2278903F1ED0EB6
                                        SHA-512:ED41501D0CD93413E1EA919E44B43D2C6F790A115B054AFC241FAB6139B84BE8F998609B858CD5B44EAFEA6C76A5490CA066F0DE1E527CDD6401BDC2217CB96E
                                        Malicious:true
                                        Preview: s.7.,.|z.G..W.....FR.+..=.....V..._..>?.......q5.M..b...p.Z...gH...}$...i.....|...........?.w|M..b.hZ.J..T..{.3Lc.sU...;W.W....n.e.X...4F.....Q..........6O.:9.>...Qt.i..Q.....t..9.M.r.n.nd..:.Z.=.......\.z..8.u..]w..bW.l.i..b.S.....y..4..e.f.....W.U.c...:.$Q1s.KDe.....1.."go..CA..".Y.O.C..h....t\.1........Q.P...P.J9..,.^f.l.I..FQ.g.D..........T.M....."....P*.58W...vC.f\.......?...KOcY....G8r.F=....6..:....fR.D.U.s..$.x...A..J..2,..9.....H.K.R....k.......(..U(.m...T..>..|..)K.'...3z............%2..........|.Tci..HG-.)C8..g..m..C.|.4.....Km$../`7L......q.&.C...2......&.Pg:.K.S.o<..l.\j..k....<|yhH.."'.~.e.q6...E,..,.K..c.Ni....%...g......\...#...4....s....o.Em.;{.....\...',..;6.}.&.T...DM%T......0...Tn.m,...b.\..:I.qo.?&.4qD......0d.B.#...f.{_sM....p.vB.<.0.T.8_.0.m..`.k.y..'......u...w*.j....'fU..(A.`p.]."&.uwK..c.1:\..wp.B........P.P.....^#.I....J~..s ..1.(.Q..'.p[.Q..a.4...3..........K(.9...........%;t..H.........Ah.0.....4..Q.3.....F.
                                        C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2709
                                        Entropy (8bit):7.917938831481617
                                        Encrypted:false
                                        SSDEEP:48:hSGdkp8NM3lSCvYZuiAkrI/9u7WnMLWCA1Psb2l76yea8wK4DdF/vM6OY:0GO8fcYZJHcML21PS2l7v6wFRF/oY
                                        MD5:35A9F79F379EFA4EFB959CD97AE5E337
                                        SHA1:8CF1423AA38A36B26513DE9E8AE76BC1F10C9BA1
                                        SHA-256:A1BA9FE8169FA534F67D3FCE11E83481CCE63163C7A27A1A74A776BE70F2F9D9
                                        SHA-512:DDE744AFA40080DD88B6F8DC25E3D211021B6D7486B35E8E682C9B4E7C900674BF4BE7FEB86DC4F1F5BD4C2BF0C6A3B20BD63BEC5D9A84852222897EDACAFDEA
                                        Malicious:false
                                        Preview: .s.`... @L;^.._._....4..@..E...p".@fS;.45.1:....+.;...F9.2.i..F...r...!..E.zZA.s.R... A.D...MZ.0efq`.i}.-z.../.N0T..c......1{^.u.CL.._..'}...9.U.>.@H<.`V.b.3..:O9...w...!..F?.T.x'...m..iE.2.....f6..q.rI.....7..Z..6..W....;.p..k]Cg.#K...E.}.+.j......F...q...s..F.3imzG.....B.}. ...~......JH.5..\.l{v._&Q.Fv.0.V~..Yi.U~.\v..*....IU&.?..yv.B...`.,...:.\v...B........bG..F......@..C.)>..6..;..@..e:DX....=H.L........dP.~(.NP9?.[...6!j......F..;k.BL0.Z.Q.`."...x.?......i..."o..0.^....X..<7.............$.........B..Z...x.6..).|...%.1.../`.n."j.;W.-O0g.J4..u..+.n.O....7.....z..MN.L............B......20....!.M-c.q.f....po+2...wNN.v......y..o....;5......~...0.......=..;..V..o!3G...Xy*.jKy......~..z `...Q...M=z...~..@..C....2...7E.....=.....bPJ....gr1e,.-.0.....-........Q..A..W.^....)..<..}.2..d...8.......!..X.@.)......J....s\.........9..#.+......B8.@t....<..K.D...8..0...1T.](f...+..fL.....Oi..b.`h.=`...$.....~.Jy`.N.......^`..t@(........%C.L...;.
                                        C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):873496
                                        Entropy (8bit):7.999787521586614
                                        Encrypted:true
                                        SSDEEP:24576:WSegq5gX387m+dA+GjUmpvtn3Z2L4dvMl75s:W/WX3mm+dA+eplnXEl+
                                        MD5:9A60C5A0B5521B1F5FD5A7077DF7F79C
                                        SHA1:31E323786CE9EB65D27FCFD1DB960937E5465655
                                        SHA-256:95D2BB8ED8B1165B043EBBFEAF9E781A5EE959A4DB7CA2478C50D316CD25B76A
                                        SHA-512:8FCDF1F7DE87EEBF2238311FFF9C6A3BF519DC0032EBDB5704C868E61E09F0226796D5F4B84E260B349741864111F37EA8B79B84490F902DD20E0D09F72E5ECA
                                        Malicious:true
                                        Preview: . ..Qm.S........By..Zs.. .Y......!..eL..Ki..LY..m.._...&Y].....`!h..KY.....|b...b...9.....%.R!.V*M..7.}....0`Q._.6.V.X...5.F.....8.lF.k..Q..R.....<q).n.NJ...'...-D1..l...BX.+.........n{.ax...r....FsO.m.3.....lu...<..X..A..v_.4N`..a....j.z70...!^_..i.=U?D.A...*t.k..blD......2.B5...^...N._../&2...(....*<.5...TN....gg]$.._.:jL...........w..c.P.....P....E.%Mu......=0.....t#.5zh<z...V...?wU..t..u.;o.z...C.....2P..!4~m.$..XB....PN~.C..=E.....Ps..N..E.I..F:.....R..$.9X.5...F O..7..g..............$..R.......P...rK.?...0,-.!...Pl|..]j&/rG..{....q..`w...#.n<f*.*P8..*..}..u....I.....D.RBVbcG^..b..n;.H.......%.Y...b.!.Xf....}.u.bhp.Q.).....8W...6......2.R...).Z...;CK..s.n..FQ..%..)Y..IaB>...M.1......Cr..z.r..y.h>.f-.O...7.g.S.e].H...@.(H4...R..".1{._..X|..8y$....{.M.b..B.V.h<s2G@*f.jU...u3U...~.L..rR.7N~..X..4....^/.t=*..kP.s[...E$..:..q..T..[G.........*i.....9W,... ...?._.5...o....nX.D}..I.^..,.....;.z...{$.n.j.@8.8y.:.Wd.......>..........
                                        C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1660
                                        Entropy (8bit):7.865662221325278
                                        Encrypted:false
                                        SSDEEP:48:57gwwxo33a7TjxbAkRfekEbEOpI47vjqRbR:pwea7TjxbAc/EbEP4a5R
                                        MD5:501B704E642CFF1EFCAE149A7BB81122
                                        SHA1:D8350884EA7955E0F6EFC646DE2B19BFC83890E8
                                        SHA-256:5BF23E2D4C4FA7E890BD73F71301CAAE04632F0EF1152451CFBCA7344A84B467
                                        SHA-512:29A548EAF3DAF8631C1A89DB8B9123660049B715F25EAADDAEBF38BB12F3763B777AC246E62579933952D111E860ABA7892B5104166FC166A0A13B61E29EC27C
                                        Malicious:false
                                        Preview: ;.w9mD.Y.....,$1M...KyIy.......F...,.u"..e<.@..C.C....>."lH`.m...vv.q.M%^....xaC..|.m`..E|....$BQV.u`.2.+b....p..D....o."......M.P..Wc{X............MoT......g.Oi..k...f.V..g..w.....P...2...&...}.#K(qX..3,.<...U...YN...p...F...j.C0...... ".......-.........K.+o...Sxl~$....a}.".c"....Ut.)*y..L22Pm=.Im..4...?[...q..v..Jt|...f\<..z Dd....C......o..P...[...a..Qn) f...........-&...+.o7,.J..[K.@....Q{..c..|'..(.n2.BGr#.N.VL.L.I7a_2K9...h|...t$s...R...(Y...7..@....'X.oO.....|~.y..g&.iC..+As../............$.f..........`*J..h...@..U[...;...[..{b...h..G-.u..B/....G......4K.j.QV.........lF.....=u.........".XxR.ZB..Q......shX...L..BU...Ux3.^lx..B..c5Hx).E.....<..$..Q2..d....s.8..(.....BeIL.).;..fbP.}.7p...-..T..6......R...`.....-.c....$..g!...e.dT...Lz.....f...^c.-.S0...U_44..).-.i0Y.Y.S6.../.w..&.A..~..v. .~....b.4..C.L.a-.....:r.9e.y.....6...0..v(}..................(..F.c:...~....bU..a....TX.>.'.Q...uD...PD:.....@.Q..r..."S&.....|._........p.;....
                                        C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2174
                                        Entropy (8bit):7.9059519161705225
                                        Encrypted:false
                                        SSDEEP:24:HjY86zLNmURXrWY26qyE2D1ihspOASCZUh0GfvSfp/Bq45c7cAc80It656leMjB2:E7LPXS6Lb1ihsk6o56RScvlie2J5w0c
                                        MD5:88150606C276D525C8A71D4D842BC7EE
                                        SHA1:0DAA53062F72F7AC67DD43C6DF962E9FF858A54D
                                        SHA-256:1C76BA2B7BD669369FC486C61EC1A591F64DE7B8E4EC01807BD97784490FB786
                                        SHA-512:4DE785F0EC3880CBB778E79DAFE5670D4AAA52DCCC4F8F4BAE78877883610F0D25C69AE99077FA122F8D74EE06B0124D50F4A34925631F8340126961664E2071
                                        Malicious:false
                                        Preview: .f...Us...n.T`..s.F.......ai..`CyJ.$G..h.e%.....x..X...Bf}.."T..K.-....%..Bm.@y.....N0..@C..=....O-.Z...7.....c..."b.AL%.p..._..\.v..9.%=8b.{..... .....h..;.k.{W..t..^n.T..X`.Lyd......E....S.......m....\E.T%6z..9..(.Nj....8..v7.6.....x.]...9...+....;s.k.c.{.B=..w.T.n^B..#.i..{..bp....".#J/r..W.)A$.FP@.....;.2.s........#..(T.0R.%.pXGAR.-j+H..U:{`.....g..f...3m...P.{...K..".vM..g.`.^.9..Yt..<.B.......%..m.x..o..2..9#...-tW.$.^.iH....I.f.0.e.&..r.......9Az....+..I......x;;Pf~.sBb...L.E............$.h........mAyT.S.,..?<Jkh. ..Z..C.J....q:2..W..?....N.......k.?-.._...0.B......X<^...B....^.(%.p..... 'Q.....rd).w....o.v..0(.?zT.:?..|%pL..{.......Nc...7....Q...*.1".u.0x..<\U..C.r!.S#..9sq...W..6i..c\.bn..F...o...a.n......S.6.W..d...z...x..|c..oe.{.A.".!.........E...za.$...j..ejx....&I..|s.~......'&.r._..^...h.......^.......IQ.F..QV..lMF..Q>P&Y2..CUmb.#2...x+..\?.&T.C...~x}..hZ..4|&}.?w...US..*70.G....W...l.d.K#PGAc...6. .%%a.. .<....({..........
                                        C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\OSMMUI.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):17347
                                        Entropy (8bit):7.990311767256842
                                        Encrypted:true
                                        SSDEEP:384:yBQ35xs+w9v+h4ZZe5YZiwSdI3qV9CsjNgSg63y9lEqj:LfHdhMACEI3tlT
                                        MD5:96BF783535AE3CB053984015AE6D9EE7
                                        SHA1:623949AF591476FF521A5F5E3416D85B1E49A8E1
                                        SHA-256:A4B0259D9CEE0F9296BB2E161C41BF0BC27A30ED7F693D5AC6751DB6140163CF
                                        SHA-512:6A250EF648022076EF7DE3732E1304ACCAAFE64358F357E2F086DDFBCEA5E0B6F06219E44DAECD944F93C338A50D212C6EB90FE3CD074063FC2C8109BE0BA195
                                        Malicious:true
                                        Preview: ~#......#a..L..?....%q'..b..~....zQ....\.......e.:...;7.Y...y`5...H^.. ........)?.`..5K=e........|..`.......1..;.65.0.d..{....P..(..d.._:..>..H.V.1.+.?m!./.v...(.z..*....M.K.4~m.....v..v@.>5.sEg7b@..R...3...4....L..V.3#.....0|.c..hy.J.+.=)..|.JM.._Gy>...Q....4...p..!...<..E....."...F...[.k....E..k.qe...f\..y[.....1.u6.m~..c.k.@.........i.. .....`....]h...-....S-*...~.r......<8d.3..oP..y.=._.;#......> m.....G..^.zB.*D....5.....|=p....\.o. ..7..0..i..........u...]7Jp..........mN..4j5.Z............$..A.......U^k..9.L..H....4.zuQ%.O@n.....~7.......K.r2i....~.D.7...z.X.^..Q.n@w9P.@6Tx.n.9...1...0.e........kb.,c.{.(..Vh.....t.m.L.t.g$.?ZY..h#n..G.....X..yZ.0.@z......_..D......3.l.dzm..>(..f...U.R."]...x.%.4..D.Cw.8.[...u....].\....I.FB.n..&.:u.....[.S.P,..~.'...1#k...H..0..........01E)./...o..O.*N)....2..d..!...<..(.j..B....*...X.Q.{.rl4..- ..j 9...L,.A.......|s.,o.9.!..h......Y........uY..A.zpW"....*....k.]*6a....]0t..S0Q..{...v........./.
                                        C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\OSMMUI.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1657
                                        Entropy (8bit):7.86980383987625
                                        Encrypted:false
                                        SSDEEP:48:odsRU5SDqF/RbEc8LeW5/vGM793hfcLxkk7Pt:odsS/pPPyhmNh7V
                                        MD5:752F97A0BF7BCBD08DD1CA8EC542D368
                                        SHA1:29FEAD1A1FE9D07D3ABF54C0E3D2CDE62B829735
                                        SHA-256:31D0F8C880562F944EAA3D9C83EEF1ECB566F75D4C4E4C1E9FBCEE50AC9FE378
                                        SHA-512:96E495BBE048D6CB799F56D95824A38B41114F8ECDD73524B591432121FB40BCF7CFE1B62BB9CE45CDEA7DD265B164813C654EF7C31CC721546875CA2B1237C1
                                        Malicious:false
                                        Preview: v....].C.^k..e.}!S:H.q.nr..j.....PaT.......b..rG.)nH...x.i...!.....D..B.#.[)h.$xP..O?...Z....Io.H...=\..Q.CCK..l..N...-.?.D..9F....../wh.uj.vLs......x...n;....$0.B$.,.+.q*V...Tv.qx<....Z..[~*L...F.w+.bPO3z.......b..V.:...pr\..5.tvqs{.".....+.mX.Vd..d..............PG...#v...9.L.P.<..w.Z.x{.o...L..htg.m.Z..%.....';.....v>..:j%...g.%...E.^.../.t.(1.N.z....0..i....|._....Ap8,U.T.T.@..!...%1.u2 ...q..O... r}...3.J/..^.o....=.......(4....B.KL...C.s..S.O..D,.......`.{.._....2.u...l..4...M$N+............$.c.........\s.F.1*.....(........|..v.f...f.l`.3.04B`5......}..:.-...9..L.u..KT`z=.72.`T.`.WTQG!.5..*j[..\.E.Ao.#......=.........CH..$I..6.v..~.pA8....K...2d.)..v..HIy...a.....i.2...2h.S]v.|..Wvw......>.?.|#.......h...c%.QQdk.X...R/..A..i..ae..G].#..i?g.b=I r\X....~4.Wv..t:...!...P1.. z2..-.s.W*..]~.h.....Rw7...K/iHK..=`.T../...R..TY6.h.,.0..;.K.._..iR..=....t..#....~>2....|.JUs.;H.V.B...#....n.JT....T^.....fuO.<].\.=..).I.(E.....avjP:....@..B.o..
                                        C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2572
                                        Entropy (8bit):7.913478769604426
                                        Encrypted:false
                                        SSDEEP:48:OpTrzDu/zG1G4RpRTvW0v43MFIHlFwoPuStdj0dMk7iAiRIDK:oTru/zG1pRvAA4PwAu8/KIKK
                                        MD5:8862EBA029399A50FD114D823B3FF95F
                                        SHA1:4DE41DD9BB537F9E3597D2127FB18D231EDA3BA9
                                        SHA-256:CD99AF171AEE5E635C4700187B0CFC37F206F96EBCE5715DA8DA7F351AACF6BE
                                        SHA-512:59613B32540C1496391BEB3E858D1ED97E957CBCE441DFBCA5775877D3D8E4BAE40ED6637D35A18664E0D906216C61F043F2870622D9895A82D45549F779160B
                                        Malicious:false
                                        Preview: .&...F@..X.".}...Hj...Es......A.....yo...o.a.W..%.5S..ag...oz..i...7.Y.z.P._.....4.Q....v..e.|.@i.... M.2@....aB..>.'?.B.....E..@...g..*fuO.`x.M.....I...."t..).#..U'.......0......\.+Wu......6.{p.......... .B.." ,o...@../........@e0....5T..p>sz..wdx...M.&....S.c$...e.[..c....o\.k..S_...6...v.z..g..m..1..L".}...4.K:....D..Q....L.....O..=..<.....%.1.......#.tm..n......4"SE.L...l.....,W..A).f...F,....4J...Im..rH.O.-.mKE....l..#...]y%.pZp..B.......o.Ks..k...G........J2.1..<7.T.i.....}............$............I..9_..n....4qr...R.8%v.G.......3....L..'.F....[..3q.{@.L["...3=.Y.@c-..J...+.g.$.Vi.'].~...y....../.0.o8M.....@.{R...w.}..l..W...8Uy.z.v.9.Mkjo.FOC+....D.....,L.11.C..X~36}...I3@...Jx....Re...x.w...Z.>.k..(:d...7.o....'..d@.4..[{A..~..)4.g.3H...?.(../fx./....d.....i6.T<.].9...P....*....$..8......./.'.Nm.y...(..`Z...X\eh......`..xy.L.#...m7]...$]A..l:x....W].%.6.R0....J..o.*.`Bz..c....2....(=GU.$.l.3$2.w....@...0..l.~...,...3xr.~........:.
                                        C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\OSMUXMUI.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999819885959487
                                        Encrypted:true
                                        SSDEEP:24576:9udHJNevzhQCPBkyl5SMivSJ3X2MUWGd/QcCWFV4zWCpjQ:sdzevzhtBkdvvSkMpKYWL4zljQ
                                        MD5:207D521B2636650862858F58D58367FE
                                        SHA1:C5D2B423DD38A2C72814A7EA149C9FC00B83B858
                                        SHA-256:FB1EEB408D1583ED6C3D7A58A5787C8853516320C4592672F72B06BE1F266453
                                        SHA-512:EB175DF14E5DEBB38E4279739F202351C50D32C986D4F63EB88847CD4226CE23BCDC42ABDAE05EFE3251B26AFDCA2D43D63599D46F232EA9A87D774C64142A25
                                        Malicious:true
                                        Preview: .)'..q~G..,...wP....'$8....DZk..&_.\E.x.z...O.h']uV.$.Y..v.._7...ScJ......`qu....*y...JtX........b.=./p...6..X.8..\...W....cWC..a.].. ...... ..H..}.'_J....-....s../.....o..3.....3.{4...E.6hrw#...=.s..'7..,#.G.j.%7V...[...,/..Fs.....B.k.....N.4.....pI..D.'+..dl...n.(...T.j.1.....!.D.......Q.S....g...o..._`...6...b....OC...Y~.....|.....@.F..,.w/.".\f.@.l..Sj....?z"K..A..{..~.:l.A.a.m...'...HE..aq...".h2...(.L......+.u...)...._....m.x~b<....4t|..'P......9.C...,K....J++<p..c...TO.H.A............&.-.@.....K@. -.P*.^0).....!.."..x<........9.6z.nn..Q...#L[&d....z...x._T....'....xJ.X.U.. ..L5g<..."!..4.\....k./.&...'m.d .7...pI.&#......Lh.V>....s[.N`WGhA..x..)+.@b5..#-*...P..xj.......RX.#)N..!lKI..A.B..;..2B..P.....;.1<N7m..w.#..9<b.......(.Eb.jJ.......H.0....Q..~.........J.D.....a..B..D.e;.I.2..~*R....$..0..-.f...R$......HeFj....=....\VX1]#.].j[..9Z4T...N..~j...s.n..{....R.DZ/.Pn...NcX..b..}.....QW.<...}.z2...F...*R}..Y...y.M..&+v.....<...8.N
                                        C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\OSMUXMUI.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1992
                                        Entropy (8bit):7.906232418165022
                                        Encrypted:false
                                        SSDEEP:48:P/XpGiKsvSbN6Wf8HOT/kWWtaYir31PYU6PJUge6:PfQJsvJuwW5YiT1F6Oge6
                                        MD5:BF9AF2DDE8CC2B83AF8D3764DE3ECC1F
                                        SHA1:6D8890D9886426977A598A89F0EDADB840217BCC
                                        SHA-256:C8E8F2389A6B2FCABE79A653FC6C6755097E9003D753D2440CEA598EE6E3175C
                                        SHA-512:B3A300BFD857A4600FB5BBAD518D3EED74C6306F8DDDF7365C23B4B9CF82D52C57F7FF6E06638B69B1922119C07BFB6F2141DF9B28660B74DFFDC9135B59202A
                                        Malicious:false
                                        Preview: .Y`...`.....w.'=SN.?.........b...p.w........]....w.B...i....ON.T..N.K.G.....F.tL....8...Wq.&.?.r..X.R......2..eo6b..|.b..4...Z....K....1Z.K..YM...,..N...q...}n.ze....+-}.......3.Ly...!j....|..'.....!Z.....qX.n$....se......8u.I.m......m...3T.:..n......].^;.VJ......1..O.xkVQ...9O.6..2......Q.`@.[.Am....%.Iz.M.BFV.U..|.l..<.b..B8..>.(.{=....>C.y.....u.Wd+.PD...Ur.dt.....:j.94.....P....A.d...H.b.......=S...j....{6V.G[.V./.I .....q.N0%_c.su..I+........F.......?.TW..(...p.2l...n4[.Eg..............$.........'.i..A.3..e....F..3Bm....M...`y..o..x.....AL....4.d..b$.ir...V.o+K.._..k.J.Z@:I..3.:7e...B..e.'.#\.....@...1.I.F..Hg2...(...."...g.*..fJF...L.d....)..............I...B(..e...x.M...N>..9...=.....@...C6....E.....R#...1..c.&...S......`(;........>..4..O,h..2.AF.\.....g.yL,>y..m`..$.jB..L.)J...C..d...|...^...c.(XMy....L..:H..{.l.....PBi*|&...=..!2NZ}.P...].4.~.A......?.......I.....9V........f.(....IwB<..{.}...2W..26...T.~.....Z....9.s..Q.kD% ...T..c
                                        C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2988
                                        Entropy (8bit):7.918243761219612
                                        Encrypted:false
                                        SSDEEP:48:I+BmjnZGcIK9sF1uyxuUNjQYAcBSun7qpiCQmCejbfuvT2HKWrwf:I+05o90UNjPTBJn7AjJCevEf
                                        MD5:0AC39670541F3F12042917FBC421E0C8
                                        SHA1:B1A63D76325921DADE3D40E8C919921ACC05D0D6
                                        SHA-256:2B1C22852BE4E91C04B32F4667729B80320D194D843E513082EC928CC6344774
                                        SHA-512:EB8C27BD6ED1459779668E9375EAC768B557A3AF7D861A9EA221EBB456F0E5CE301E82A3F68F481242D1290FA1F010B960ED05CFCCC00374C7DB52BB33824D2E
                                        Malicious:false
                                        Preview: L!Md..o.}..j.yS?.CL.i...."...S...S........Fsm[..../.}......u..j.?..=.......-....m.Z....Z..(8.$_.<.L+..Xc..N..B.GM.. =...i.r...|..o...p.K.....`...c..Z..eJ....DT..g....aR=.&WI..s.......d...............a.6..D@.w. ECu.b.T....B59m.x...lja...C......<...z./...T.po.hx{+.6S.....LBx.E...U.Q.M.x..H..fs......j_.RO}.u3...l!.....|4...m..f>.w.g.8#X.>TH.:`....9.s..(B..jn.{>.....{.@W....n.c.8.<{3"..6.hI........R..y22`..*....e.~..|.mA9..H..Tt..\@3..Q......AK.g..sKN..M!0.....Z,;.,cUq.....'....R.Q.ZNm.Q............$..........+..`...!].b....x..o..H....S0,.i.HXA..H>i.!..S.z>...@...."......2..m..Y..R8..........h....Q/9......}$.U..#.xG...8...SP...>).....0..G...J.K....<..s....$.../&z..9h....0....}.9......I6E/dE4..RZ.....Cj...E.!....d..@........q.e..M.....j.+..N...-...."..yD...u4f..$.H3....9...Q.Zy..q.."...w'T....VF_..RZ..+..b........c,;..........Z.&..1.Oh...7.3.B.....X.2.(...v.y........3...'.q.....hOe...[.K.#c..l0. .!+..~a.2&8..fL..{..].....^At,`..*....f:<..E..^T_4.
                                        C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OffSetLR.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):16242
                                        Entropy (8bit):7.988200244657915
                                        Encrypted:false
                                        SSDEEP:384:5gjfMF/x2JJjqVBYBc87c2Cl0xUaVtxJaJakTfaY:5wfMpHBMc8Yll0ftlsfH
                                        MD5:3DD950DE25E12ED72F6E2D48D2B68510
                                        SHA1:3490D7D84FDF2D7B1B7011FDA78B23E50D31F91C
                                        SHA-256:CB4B519CC2946DB3A1CDF186E098092D124A0AB14300EFCC76D7F62DC79FC964
                                        SHA-512:A04E908D3D8DAE69BE806BC7B66D0E0805D8B8773ACD0804CAE4611F6AFB392CCE48A7987D8E5A0DE889991BA4B3CA763C694F33FB661D90B431566EBF07B7D3
                                        Malicious:false
                                        Preview: .........3...Y....Yk...r.......|...s......Q+*..yq4.../3.@....(.V.+...<.9...}}...c..f..c6..........(upv.R..NN....c......ic....!>..,..E..rE.$.C..<.y........d_..".K..`.]..V*.=.h@..n..C...I)..9k...e.'.gz.BC.n%a.W........EiX.d%....D.<.../.4Y06)....a...9.[.hYH`\K...m..|........F..C....#E.....4C..]z.....A...l..6..V...Q......h.9..S.."... .....sMuS.(..CM.".y9.n..^..2.(..A...r..:.$.A.q6G.b...:.....ic.-.s.r.l.{J.g.`.}....l...A..R^%...s..Y.k.p#.Q(c"...J1iX".7Q.D...@.m..2[.$3.d...J..O.....+............$.\=.........5.....:+..(.5.0.i.d.x..pH.....jmrd...2.......1.?.$%...P.G.Z...b|G.9..-#T`L..g....d.%.....K5.b.eM/^R....v.]R.$.j...w....$>..^.V'B..;...j....(|..e.Wi...{h.K..sf.....@..2..v.c..\...{G{|)A....!Y?.k.s.z.x.<....o.?.~.(X....]j.W@.9.E.Kqh...o...(....$....,.....`U.'.J.%.$.....^.Rcpe....x!.s.y...4.......te.z...{.....K.k!.M....mY.....M5........_.......5.xF...q[....*`.........lwiI`..s.y......^.?.N:mX..>...............\...1*..........AG.zN"qH\]....$;.6j
                                        C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5853934
                                        Entropy (8bit):7.999972831808104
                                        Encrypted:true
                                        SSDEEP:98304:UD+OHAC7HycZPEQjPOHq2wVKmavcBAq+tOTQpnCVRebUaxisgg:6+nCbydqQq2wjaav0vUQiI
                                        MD5:B4B46F34F282AF31ABDD2AD326E43F57
                                        SHA1:B3C6D378D53DF30B0C264E04B1CD5678032EB73C
                                        SHA-256:5D842B928AEA86D981BBA2177FDD39A3013031EF0CB21AB31D1E49E8274AB37C
                                        SHA-512:AD5EDCD2AD39AD78110231B08ADA8989F6501C83ACDBF17DB763FDB7863D867D6BCA2D78CA6DE3687135E037773154BC30310259113F979AD61096C1751A703B
                                        Malicious:true
                                        Preview: .>...ik..`l+...f...}.......$.Vg..l'...E.....Up%t..!*....J..3K..bU.m>...V&...........m../w..qFH\..A.[......0.R..N#.<A\..#Q.=..5.... ....w.)\.hkPr.N.F;.....D.L..B\f.x.......2..k.J..1..f.._...V}.X.\.b..X..?k.F..C.....+...........c...i.C.x.:...a..Q.....7.,....Xw1T.A...vp.)...qO..L3.D....32.lq-S...d__.y.W#..~9..{...........oqc".......7..p.B..1........X.v.OB*.....Q.:E.......b.A>WHfm..O.....`.NE..y......}.....F..C.R.:...p.1I.h.d..=.w..sii.2....l....LO8a......xi...........@....?.]............%2.......4.. Uq....m...5...y.m..v..,ZA.1..C.T)....D7.5RV......'8a...Fc.=...e...h....R.w.9..g..Mo..0...h.).eZ....7....Re5.K.]3E..C...kHg.h.i.wU.....e...a.k)K.....PZu]6.ak....-...s...H..%"..i....a..oiA..%.5."S...HM.}.o{)....Js..h.M..]...O.<6.H./8 ...&..P#g...w+v....N..V..=...O[.1^.,...6....y.U...h..l..........'....4..x..s?...i-&.N..0..;....'..l.5.l.&.....(.C..>.X.~J.3..C..}S..f..!.....`.+.+D..=.F......i.*........bJ.....b.|`M.r..........f'...N....I.'...#
                                        C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5809
                                        Entropy (8bit):7.965591696727813
                                        Encrypted:false
                                        SSDEEP:96:ylMrlgiVpZyd4Z87AK/pS9O64VxEuhybVztn7iNZs2Hu0CaexGcd+JPdrI6mgejW:ylwrVpcyla4OfxEuKztGc2ObtQcdsPdR
                                        MD5:C4E3B5A0BB942F27B9E546E601C45817
                                        SHA1:0DBEFC2547D396727683B6DA1958981CDEF2ADD7
                                        SHA-256:47327F418A88AC856D4EE98782C0CE599A30BB46FE0C0749B4134C35CC2E89C8
                                        SHA-512:5A2558F7EE008AFA389F9EC9107DA85D4A06BE7BBAECDDDA4CF21078D5A0EC2E434CF05E54A506110FDAF6E8BAD967E17441264807D39C90DA86FCBD3547E8FE
                                        Malicious:false
                                        Preview: ..".Oi45".L.....\n4.[...B.2.x..4.{.[.=./'ujv1..cov.....e.'........-......|..J.........e.[...u....-.+..`W{%.<M1.w{J3..{D.B.Y...X$../..R..-7F.M. ......1...,J.6C..,|h....]..8......Q...E.M..}..[^@.....(.4....h.......PY..7@......Y....[+ .'.....(q...K:...U....*.j.AQ.,6c...]..jq.....;^.BP.R.-..hw-...-~pms...=.x...].%....aY....MA..!...C.I\.......OJ1..#...B.4.zi..n....f.E.x|.C...^.w4.G....vZE.ce....Y3.......8..s..Lm..qq...J;6.<)....v...wG{X.Zg.}.6F......l*T..+.^..A.I|.Xq.c^.....1.4D...LE8z.R&.`.\............$..........S9z....j.......(%.1......HN..(.3...T.{.4^.@i...T. ..c"..7.m.....gUY.]...z...}^.....a.}J...*\R.L...}.....pX.+y...r..!Py>..\L....Dbzp.X.&.....X.....>....!]q;...0..=.xHK..m7..... .zO.<M.;#w..a...$.}R....=%...&U-.U.^...?NZ3O.@M...qU....A.........f...Z....5.iRU.p.K..~.%.#....t....A.?'....L...M.~.B.?.s...pL.......B..w....1!..d.|..../,.1.....q.KjOM O..,.NI...GM...87.I.....O#.....1%.1....Q.0.!....X..].......b.p.._@.v....Ym3.w[4......H...
                                        C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1566
                                        Entropy (8bit):7.875677670727905
                                        Encrypted:false
                                        SSDEEP:24:oBzL5135eI1RoHt5AeN8ymTWg6U2yK0D5tPIjDKTFXU6Ki2ulpUxIm:oVF1pD1RoH4eN8Lh6UH/2D+N54ule2m
                                        MD5:E683214D933DDD52D67ED72DD379EF23
                                        SHA1:ADFA143EB3EF58700C024EE6E6A81533F00C662F
                                        SHA-256:E52C052D86ED96EDA4D4E18B96A207DE11FFCF5720E4E5D10C9B923168C9F9DF
                                        SHA-512:F0A4F3B1DF7A65642ACB024AFE5F659C63221B3ECDC59B2FEA63D3682FD9CACC2037623D1C9FE01A3FE69554F78E9B2067A2E35EC0FE1DA39B74BDB70239FEFB
                                        Malicious:false
                                        Preview: .(...k.j.7..+,.M.....ukw.z.;.z..a.W....../..=.....%........R..pP..]..=.O..KURP.F.+. h"..0...m......M....l9w...i.VUcY./.....a...Qt.....K.1...S5..{.1.5.2......v..S...+.n'...6.e........9....\j1..e..a....D.x...qR...m.8R{........f.g..........a....a!....K......}.&.....7rd.]'......?.8........R...n..I..T..s.T...l.......Q8...S.p_./.3..BO:....w,C.aq...Ac.............4...E....W.GD.q.#.yT<.j.n<C..M|..... u[l.^..w......Ov.....N..._F.....y7t....9z....S.i..!K+...I.P.7a.<v.....;.V\.|.y...[T.............$.........y..X...c....;.....Tlt......G...EA........S.,..N.@..Rc..TH......(....Ys...M..S.D.k.V...c.....K.j.......?....g.......T..Zh.....DS.Y..=....R.@....L....$...x.!......x..F....q.%.......gE6.y,...'..Z-.}.{C,....=.$....0..ql..Mp......h...,.y.B....aV...s.[... .$.o....V.<.Y..<.wwI.>.2....#.W.Ev.Qf...........j.T..x.%x.... ..F.<..T....2....Y...7....m<..kglI.k.8.....:~D..h.....s..7C..[*....._......Y0g.B.be.b8>_.JF...?S.....N.h.{.1.QR1..t.?Li_~@e.n.~..3......
                                        C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):9017
                                        Entropy (8bit):7.980303166829453
                                        Encrypted:false
                                        SSDEEP:192:Mi3tymTpaxozajDgmgpwFK0qtVC1f385qc2+Wd0m7Z:Vpaigsm1FKrVC1f4qcaCmt
                                        MD5:40BFD2B5CA93052454DA487F43B59006
                                        SHA1:434E38CEBAB951738A54D1D489FF4D6D998A05E1
                                        SHA-256:A21B0779F66F5FE539B14E1878A708CE5BC803FE6532345D7808C6D94D72F676
                                        SHA-512:9443FA77E564F442EE728F3103E3C3E719CD9CF7B05F6FE2052E1FE7E8ED41B0B767117CE3546476A75C17EE06DD3500BB3770BC5D28BCF75B97E43458F6A026
                                        Malicious:false
                                        Preview: ...h.....nw#d<.cc..F....'<..z........X.G}.k!g.p....1.@..M.........Y....%.W4.....U4..C....l...........[.6...^.`..up.9a..MT..o{k..^2..A.1.{^...p.9..:......n....'..I...W.^.I.%..f...d..aZ./9.2..;.-C..<.........w.......o._.."(^.0.].B...*.c.......[EBFf2....;K..L..s.U..9.2.H....[......m_....5..O....$.....hX..~D.>c9...z.:.,..{....T.<..1..K=$...+h......;E...-...T ..N...J;.0Z...x;.8.....0...OM .....-r.X.t......i....q..E9.a..R.>..IS...../p.B....X..g..B.AE@u...XgT*h}.W..!..Q..7.\r......=..............$.#!......H...Vz9..GH...quMR(z<x.~......$.".....+.^...V._MjutJ..H..P..p....LD.B..'V.........4.I.;..5)B...iv0ot.S4m#..a...>.u.....!7J........t....e....I.....T...O..X......_k7.j...?.y.O[j......(..!.I!...f...q.o.....j/.e'F"=.J.....XP....B8T.....o...(.L......wV....."....#.p..'.U.U..`......8..\wZ.e.UV.N..I......).z....j.A..+..r.Z..>.8.............4.T..j.?.f!..$.3..U..22.9.s..j...8.G.e.|jB.M.%..K......t........v.B..y2ru....V.[._+5...5.__..Y....u....DQPA..D<..
                                        C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\ShellUI.MST
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):11286
                                        Entropy (8bit):7.986316614653432
                                        Encrypted:false
                                        SSDEEP:192:SEWDGxRcCwtsAV/EKu/lsFwGy4D9ov9vYVn8LJibxoKMXVnsGfxWiK1mb9HKSSB:SqR8ts7Ku/QyWw9SYJAY5sGMGS
                                        MD5:C3F5F9395A8F0B267560758C2E24B4D7
                                        SHA1:00FF0CEEB3BA992F3AE105B0982C7B5A8CA043DE
                                        SHA-256:CE7B9B02E7BEC5063C253BD34FCF8AF4ACC4C3BB3597AA2E3B61AAA11A689849
                                        SHA-512:75C7323E05DA8F511E7E318AF4B6034C02C2C5668406CC035D22E94E1E088F16738E93FDDAC99F586D6D7D51FAA8C6FF537A406EA14C3DD9C34C912A699D24B3
                                        Malicious:false
                                        Preview: ..f.L.m...5.6.|..ZN.XeK....8[h\..>.,.*...$g.......(E;..`MI~r..2..3......[9.. ..&#..#i.i...F.B......f..8lx\.G...)..6.|......P..19..`.`(".+%...[1.b.....f..I..EF.^...q.5.....gq......'.e(2O.)DJ..C=..6.8...P;.f<,..q..j.uQB..Kf....u..?K..So..i...~.....Q.OV..>..........F...%7.(d..q....45`t.-.F......|P.8...%{........).3z....F.3*.........Dv.g&..F)..m..\zl`.........y..Ju"iw.~/....@.....@..P....3.h..t.daJe.H...b....7.D...6^AO_...NRz.J.`...i...i].h.0....XM...Y...d..W.jhB..m...{.4.D....g..+7................$..*.......N. -.q.mN.....5...l9j. .l.?3....n.....k...\.......Z....a.+....r\..e=.JK......E...[.].d.U9@......h..(.&.U............H....Np.......G.^+.RW.sd.-.j....K..MI.xB]...KX.....S8R.*......Ur.-wJ..7.*....9.k.G.2...w8....*..P......;...&M...z.......7d.>ODF....M.B...D4..F..q.A..$5.Q.D!d*..<Ml.[.wA.bh..*.\...e...]!.....j....G...Z..x.".0........j..%q1.7.J....bm.o.b...Y\v{.....U.........d.A3.N......S.3n9.b.pp....R..ppu....q,....veS....\c...Q.sc.`..f..../.z...
                                        C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\branding.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):336847
                                        Entropy (8bit):7.999481334554085
                                        Encrypted:true
                                        SSDEEP:6144:c2JX5MWCoQZn/TuBgVgWEK7S4IoE41LQHwSYuudpdwgboAKe1a9nJEoWs7WQ+oa:hX5MWCFSyS+zLQHwSYuul5X1a9JT7WQa
                                        MD5:5A933FCA6CED4B0932445EF50754FCBE
                                        SHA1:ACB8445B0D3FE0953EC09AD7DD3AC9D86D8CA370
                                        SHA-256:2B0933434B097B056A5D5046479CF6DDB1717BBB6D8E64A1EFF8FA0924D87E78
                                        SHA-512:BAF24DA88580AEBA63B92C3B26587928DE4FBDFC8CC71EE32BA8995E24A52DCCF5D1D5F8E2F5C6AF3DBC676561ABA080C34BBA9E895F8898F4DD045B68DA4EE7
                                        Malicious:true
                                        Preview: #.....J.e.m.G.c.Ges.Q[..^l#.(...a3w.......~*(.....0.,dc.1Y...T1.t.C.B,.../...Rg.T.?........G"'...7...._..k.!.......w(....3..q"l.gv...GO..^...+.}...........B..2 .4c. \ocq. oE.F.7../.?B..}U<UJ.....y....x&......l.9Y....@k....X[W.......Z.k...........&..+.c.p|....Ofk...F...p...\.S.^HF.e.....CAgf.v+..X........l....7......}...1G.....2..zK.....s+.E.Y..3.T(|..F9.H..=...tk{.S......;xnc$..z).\.6.t..`G..9$.}.i<...g..b.E..e.....[..4.3B=.g...u.A?.v...".%.....x.....=....dV...;v.c#..p|8.j.&Y..X.............$..!...........[.!"Y..%...+.k.~.~.3.<(...+.iM.L6.f.g..r....).kt.@(O?...U.R2....5.~u$."4.}..2....<......L.......8..S...)....^....5.,.P{...TQ4:.T...cK.)/b....oX...7....$.WX3.........NV.)..s=3y>.j.G6zz..-)....V.*.u.@`.i./w:x..h.@{0@...E..7...'V?....j\e3.X.6....Dn_,;^s.\.`...@p.q........".IB.y\..o..f.:..H....6I.x.,.I.......].k.@.r..,.ju..m.....=D_.b$qbk.`..l....a....&^f(.C.......s[.r..z.O.^2.V..e..n5.50.p].nz...V.;f..4.o.V..K...a.`.. .I.X0........
                                        C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\pss10r.chm
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):15132
                                        Entropy (8bit):7.988224563651461
                                        Encrypted:false
                                        SSDEEP:384:ItSliTl82mYIisz+yqdJN+79NZ5/dMDpW9c+yPx/dDGwkUSF8y+HF:ItSg7EedJN+RNTkpWufGmFHF
                                        MD5:553546C9DD212714921B134ACCF232C8
                                        SHA1:BEBF7FDD2D79D34BD62338D202082EF9F54DE125
                                        SHA-256:878B472A632813B6E5D2180E691E0F2FB461ADDC0F54E4904A34057757B60550
                                        SHA-512:1E120BD79211C567BD1240D836EF3254FAFF8D476CC054C535C1EB9054A5ED5ACE0C6FF37160DA6151582CF4C0F59A989839574805C65ACF9A1514F55A8A08EF
                                        Malicious:false
                                        Preview: .{.`.o.uj..`P..PPgL.....l...2..M.O,.WB......Xd.).'.............N.;0..h.............Jx:..........K.....<}..E...._....%b.J....(.F.D.8,.5.iA......Q.4.U.7....EJ.Qc...#c..]...A.{R..~..F.G,.../;_g..}MF9J.M.wd17r{.......S2W...@f....L7..P.0x...,..?...='.k......|O..._].....,...9}.8./......U........F.|aD.b.t.D..ut.@.V-U4M....:,..E.>]..\...`....e..[.a..AKS......4 ;.#9.....1..k........X...,'..>!P2.I...`.U&..Ty..W.....P.`....".....Te......~g..g..E..9.l.Ao...T...J..Q..mx.(b......t..B....!.............$..9......mg...mN...k.Yp...o*j<}CmnJJf.. 1i.IW.........!.p4+F.km2.j....*.z6vT)Mvc.a._.\....].: ;.....h..U.=]4~.z.d....K......{0.I.K*KF.?..+.b...\.....Aa...W..{..%.....~.`..\mo.Y.:h@Ll../.N.,...6Ke..WN...A%.......0h.7c......`S.#.$..~./L.7.I....$.;i=......h.9u....9...\u....b.k...:!r...w..)n.^...z.....4.P..uc.g.[...1.....L9X.3....n.....Q.lI,..s..G.$.Wt.i.>:5..~y.%.0..c.C...}.+A..8~T8zL/.!...|.....K..s.1}....,...n...j.......F.g..W\".[...j;-.\'...M.\.qt.V~
                                        C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\setup.chm
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):83324
                                        Entropy (8bit):7.997635528717266
                                        Encrypted:true
                                        SSDEEP:1536:e8Kstkhn7I0iMJX+5f7DKQIq0VP12eGGA2nDZ/BruSJwC4NYzfF87C21NpFU9ctE:e85elzJX+5HKQIq0VMeG8nDZ/9uIPz9V
                                        MD5:22933D7A816B4E5884FEECDBC880C010
                                        SHA1:56DF9047217B17571E932D6F3E28CA33C55C71C7
                                        SHA-256:D3AE8E3A61B2226E592EEF645B834A64FD8B17F51EC2AF951D242E012E049D35
                                        SHA-512:FFD040124FCC63295B9266AA22B15D6C1C66309BAD6BFF559B1E246191D0E31B6463188DB60876FA83B74F41646D6781C2818C30A78F5D73EBB7601851473FFE
                                        Malicious:true
                                        Preview: uJ...........b...[....._v.-.j..`....t.5..;c..W{0@_N.M.+"<._gn8B...V........e..u\......yL.p..9.;-.n......R..K....#Tn.*...,l;.1a..N...k(b>_R.l<%...W.k[O.q\....X....W.h!...t.mv.......:n...I...6..%w...........:.xB....<...........W.D937......X-..x.....(...j..r../....c.'3[../.B=PGc...-.f.L\.../.k.D......%..c3q|.Z.....>w.'.p.....>G.......~...hi..*|'..."..{t..0.1...... ...'s..:...JH.z.H...I....T.k.^...hJ...c...[.RD........?=...).S.ku......*.f.ji.Q.G...z...#.Z.y.....;s4I0...,n}.t..N.P.....]....:sZ!.D............$.fC.........Qd..7'.f.)Y.!.U.N.O.{ED..de....Qa6]s5Y'..F.....#.[.x.....f.....#..:.|.t.\V.9+|......DU"Z.. eO...%..[..<+E>q`.......p....U.+5.q4...\...t.NG./d.T..3.:....N...`n.....c..+.t.I.hR..?..6..S...-~w.......i#v....>,a...._...d..w..aa/...t....3......k$)`..D.@n.c...n.}.=...=..dI'b;.R.>...X...n.1..#u.e.?..KT2..J.N........J:....7..$..E.Zv).r,i<...I..O.z..".ME.....(..3v,....e.$tO..Vl%/-"....."..\X..N..c.....c....z.9... ..2.d....S.3..K......|./....YHD..u-*
                                        C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999835262965355
                                        Encrypted:true
                                        SSDEEP:24576:i32znjeOypgOkjODGWHTO8SR7Zh9cQ265uMyK3KtzzEvyQZCxr3h:iGznjerpgOkjOZzSVJqkoJtn8yd1x
                                        MD5:8DAFA531914456D56E13D2096A09DBB0
                                        SHA1:178BF1021C189E6F2C9D4BC0E09AA5BB081AA36B
                                        SHA-256:7BF14F1EC2A612842602CAF8241D5DD50C12C66E42389F7AC5C1FC7AFBD09423
                                        SHA-512:10ADD9D38F76A288DB3157BD04BC4D6CE048FB4FF7CEFE92721BF86A4AD6C9B24CBB264AC5D35CCE716451DB16A3CB171B6288CFE5CECC333D3AEB201F52C03D
                                        Malicious:true
                                        Preview: ..H...b.....v...O.K.Ii....onZ.v. ...*j..(.\$?.r..5.n..US9..!{..W.j...s...%90...S~..&..@6....v.K.....W...S..`.c.O ....l..Q....._.\.e.0^.td.W...y..'..!3..'.._..4..q7.+'.s.[.^.y..`.....q..;8j...^.b.6Z...>]..J.vh.f{.+..HP...{R......f.E..)sZyJ.Y....8.PC....$..-...<e;...e....^..?1RG..0-....B.o.........Y....<%...x[h..2...f^Q.!cG.R..*..O5iZN1..EQ...(~. .E..c.P..5y..o..g...9.Gx&..........F|......!}..O.Ux....U.......n.=.c..........".y.d.........u.!.a......q.p.=..[.........*.xT..Q#............&..p..........D"..z.^.74.D.m.B...fQ..g6..md........H...=6zR.k\.m.P....ff..LU......q.i.P..#.6...@#O.$."..{.^8.e.:.m..].`..%..[..[.pC.;.!K.H.M...R;..i."b`........O.. H.pG6..8p.p."....S3.P6J.f&....k.....>{..J..-.J=.(.9..u.0.k>=............Q...I.. ..@.....\.+..f.^a.v4.U.s.-.R.a.}p..l...5......v.[G..}..f.r...O...'.j..hQ.iqG'g..-...hP.#...i.W.(T.g...b....Z....#..z.j.X..4.....E~.I..*..]i.i~...K.%.....YfkRy.o..k...hh.......@...).M..Qm.4...C.$REzF..._.`.f...
                                        C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2444
                                        Entropy (8bit):7.908484367108717
                                        Encrypted:false
                                        SSDEEP:48:TKJCb6FgW0NJUSeV2gtPBbXJHXTtDQkbx12AG0aSYUx2QvR7ppJaPD:TnEgFUVHBXJHxDQ212HSfxvhp4
                                        MD5:56F87495B28F85FC6D25BE4128E051FC
                                        SHA1:DD2B481E37FF27C42C5CE96CFD21F2903D360677
                                        SHA-256:89FF7278964CD5D1197A55AEE2090842A64F96BF062A712BA340A90A32528867
                                        SHA-512:4F00F59580367696AE8F6505B93C9C7BE7DBC5B861463372DFE0B324F159D699D09BBBA203C9A7097D8987D894F2CF4DACED37B118A4788F6C66FFECE5EF6DF7
                                        Malicious:false
                                        Preview: ..Q.....,}...6.M......V.3.&.P...<>..q.iW...WCR......<...d9.l...=.j.j.].^.%.29.\N.|.Y.V.-......d..E....g]o......B..`..t..!...8w...=..+%...M=......._+..a.!...nf.HR.h.;y......z.j.y..4.AC3..@.Q.s.P@q..~.G....h.....*...l...C.k> .>[..WN#.(:..d..8g{.9n0.Nj........?&^r.!.R.nK.........PQJ..&..hIwX...8jD.......b...?.....O.....j..d3.g...G..!4Z+..9u...B...*.."..z..N..v..ax\.....{.k33nv_...n4.#W..7;..%7}..`zV.Em.}....<.....;3...[....z=*...l.2RHF$.b..pC.}..a..d..u..a..3e...v.B.#y...J.(..h.G.......=.0.V.<............$.v.........LX.[.V...s(....n...uX9../...._......cu..k.......(H..F...}.d....X._.I..|..X.(..Y.......DT....}.r.Q..k...\.,/..~....ATj..!..&....I%...(H.....e!Sk.#4..7R.v)......[.......3X....%bL.....g.8........?....F5...R.'..M~...X..(..0.p..5.E4}.......Bf.]...u..:..D.w`4;.n.... _...>.~...VHg^...@.2.#k..wwK.DV.....*.#)ef~.`...........E.^.x.......|.....J8..>s..... C.U,.|.S.Mb.b.!e...OZk&C.V..<.....e&+.$.v3.....*2.s.F.q...P.$..S..<..M..x...A.d...P...kl_
                                        C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1570
                                        Entropy (8bit):7.856529152187118
                                        Encrypted:false
                                        SSDEEP:48:pYmU5TjNTcD8QDIYGNfEgt6u3f0ddrNwAIRHOn:pOtTHQcBcS/GpiAIRu
                                        MD5:2FE5E03E9874DE57CABE0366B3CB9526
                                        SHA1:5F9208A8EB7BD5DFC34792CCD66F284DD5CD621C
                                        SHA-256:87C2BBE50B45BAE08ADBF86FD75EAD85F69117FC7BFAE948867F34F53DEE1BAC
                                        SHA-512:8214C7453ADC96B09DEFAB316F8211C4637F8CA0F81342DC08524AEF109AAD0ED804D0643D14EA452E4527FA4E905108A428B19296F0B3FB48C79EF45122034C
                                        Malicious:false
                                        Preview: e.....,V.'.J.(P...V.hOe......=...l.t...l..\.[(.vt.._&..k:...g..4..T.l.....2!..|UlM.#.q2.P.j..c..Y..'$.2...B.j...Z.P...C..h.$6..gm.n...|.\L.4Ibl.....m.*.2.<.m.P...%t.Ap.%...-=..DR.3....~F..5........2.Q.v.w.-F.Z..Qcw..A|.y=.*.E.d.vn.+....%.@.......n.L.........]A7Vj.~.a.C}.!....R..+....F.5....^...[.o.QD9....oUM..w...oX..}.3%...wO.{..`.$.`>{..o.|..?..x....Ox...#.^R..hGd..(.|..`..9.:...|BA....4........=...tz.Vv._...u..0..Lq.,.K.ta..*?..m...12....P...n.+.P...V }..&i5.... ..ki....@...1%............$............1....;B........).r..'..Rr..^.f....q.n..BI.Lej0..<.|m.`.X.`.r..Dr....A....b0=>.@a.i..V..g...*ZN..R.(..............=.Im#@.D...M_Gk.q..4'....;0S#>F}.p+.-.4...t...[...R+.uB.#.......<m........|.!...5>.g.G7\...*&.K....Bv...u~{..3.(IG...Tc{...,...q..K5..:..{............@z.w..C.v.?...&......-\2.'."h@.`|..dKg..`.k...7|..h.O.|./...P.......q.T..H...<l..]rO=o...Nj>f..i+.;Z.{.^<...k}S)..O.|..gz.}...E.K.....x}D9*....=Q..ol...9....im$(!Z.F.......
                                        C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3656
                                        Entropy (8bit):7.952608602919162
                                        Encrypted:false
                                        SSDEEP:96:6CYGrPxgCWLcxg4HThfcFAWtKZQxW06auMam+KYKK:xYYPLWLcJEFnYCE0fuMam+QK
                                        MD5:73647323933AFBB75A9E0B07DFDB63EF
                                        SHA1:635A1688419CD2293E42AA4F76A196DCE4499F56
                                        SHA-256:4B10A0D2C9B9E4185CF9593287499FF92E499AF471F18AD77A14D9F0C38FC92C
                                        SHA-512:629DC463CCFF9A4168D34AAC6FE0AF5EC00F94DD58EF8F2809A705C94230DA516BEE02D41A895908206EA1B7DF7DB8BC14FD3D28D7F6485846F0BB33408A1FF3
                                        Malicious:false
                                        Preview: ...!..L_.5.F....x.4....es..^....lu"U.#.k# y....QL.9.{MY..X..p,T.}..!.s8.q?=....H2..P...H..R..Q.C.]7)*...i2..[..(....{o4."..@..;.^..yZ.z....k..V%^z`..>.1..%p......&g..ff..an..+>.H.[......8>.>8..g;H_1B2.z..W........]+...........q..9..U.=...8F.=..?A.HfB......I%+P....(.w.y/6.|*n..].d..%...,U.EW...n.|mK.....K.2j.k..8...3.i.6"N...H.#.....>T:......T...}....W.8.W.T!.K..A..P.WLx~^.NHH,..d.......Q@.;,6.D'..Y..7|.">..A...v....l*.@.b&.%!.U.....^..e..#...vv...}..v...v..D....".D..c.~......X.pq............$.2.........z.0(..SD.6p.0..e\T.....cL.8T1*X.w...0.c.rQu.;.. h...-.ay..L.'.(...L..1)..v....|...BXs&......S..<.>.^....c.,.`.....=.?O....Z..c...N..w./4.6.${Ny...........O...~p..p .B..1r}..q.5.$...-...fa....M.o4..v.y..p.........?.J1.[......9.5._...,.n...c..t.Go.......aM..Ai.T.......A.0...]......<^{...d....mf..v..t%...%0.i.*...!...)G...jZs.Q...+....,LPx[/Zz..Q............O.....QP'.JY(.kE.e.qA...'...(.~.....X..-.6..7!..6..!=t...v.W...[*UNyE.9(..+.#"......N.!.
                                        C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\AccessMUISet.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1566
                                        Entropy (8bit):7.874322819801985
                                        Encrypted:false
                                        SSDEEP:48:C0FDiI408ovSjsjMr/VZkAYUQJxJ6IIIz:Csi+gOEXYT7x
                                        MD5:0B99539E4ECEE1F2C8AAF124554C7755
                                        SHA1:A424C073996D0AD492134D58CAEDCFA09E312C6A
                                        SHA-256:CDB090324F8A550AE4B7DF040C06BD649A982D62529875CF811CB8D44E17B91D
                                        SHA-512:5C918B9F72229BEA183DB5EC2F2E4FE0EF3579ACD4EA85103C0653E92723DA65F6CFEB036AD98E12F329A445CAB6C28933351F8AA3643B6EF10D37F75F74317A
                                        Malicious:false
                                        Preview: .{...7(J..ee...e>...<.1.....K..X.z.q......*.kb.[.. _N....b8.*...e..X...cO.C..O.......}..Q.;...A..y.<.VF'.. ...5."..up....l>....Y.2{.jE..1|..Q..(....ZU.,.h'^.=..;.t....X..TI......E.-1R,T;....yE.h._<cI1.|S..,R.......].h..p.L......K2...K.....x.w.BA..%Q.J...g~..j(..h..Qi..l...h...B8&Mv6....'..`..3M....m?c..L.X...a..Xo605P..}..M....H.[..m......K.*y.w".q~.z.y|..D...c..Igch.[.....oIHdY$9...w..N.]=.....*..+..@.z.Q..........5.t...}(..d.}..L..B...!.x.9.l.h....d..\0..,.............G ~.+.FU..{..a............$.........?Q.....O.......=g.D.1...."gt. X.m<..f.! e"..c]LQv..R.j..c.~%h.s.).y...H......d..*0..B.a!....&.^...T..|..e.B.A...W@.&..Lwd.....Y.2M-.[..r..gY.7v#..mX..l...P.z...._..zsMF...7..T:l.......Z8a*...=B..m......H{.H`?~R..\...~..c..7=.6.V.x.;.Y.J....~."K...U.....!Y...G'...y.........k.....c.a..RL.`.Me..r.E.....7...[.....;.........$.y[..c_...[..U.[j...zj....3.^.:..'./X...9.g..L7...s....?....o....Fx..5'U..1.....+.....A..[&.#...k1...I.'..'..
                                        C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3118
                                        Entropy (8bit):7.934626760478628
                                        Encrypted:false
                                        SSDEEP:96:kFmbm134Czz7L9sffzt90wrS5ki/meoo44kTJrZy:woC7LMn7Ji5JUJly
                                        MD5:3F4147CC43D9C00C947D1D89E816DBE8
                                        SHA1:70D84AB004BC4C40A4594BE9ACEBF97ED01217A2
                                        SHA-256:6EE1C37D924BD3D05AFEBE4A3282AD59468DEAD069E251EC3AD1801ECFC9A451
                                        SHA-512:D3427FA8AB2DD86EF7A4BA98F213DFD3F48221B3CDC4F767087EB67B053E938D84CB6944CED46C6D0DA799F9A0F4B9F387DA61685EDD2E7E6790BA93FE1B3379
                                        Malicious:false
                                        Preview: bF.....M..\y.L.<......b.......A<,......D.SPo..].FG..Dj.F..\.$Y..+.7.."N.o:ge....`...<.........u7...2T.i..xy.`.p.|...]_...1xT.u....k.7...\..xQ.............3ho..w."B"k......hU:^.i.....e.=F...'.<.~.js.L+v...''[.8.7....a...C..BJn;..D..X1.'..U.~.........m....v#++.PZ.)...H.-;......o....3.Q.3..N....@..g..H......e..8I.E.....G...hp..G#.con...dL..}...x.DK[:&O..[.=.U..e.c.E..b..!...m....@9~.....sD.....~NH..i_z=..W.!.=F...Nn.t..c).$..{....C.j....v...S|E.p)..;..^.#....!...@.tv.-..I=.H.c0...{................$.........$9.D..;.......s.9.g.wK..yw.3hT-_^c.XP......j..(g....F.r ...[.@..$...As.6.X.cAKh.S...|...be..3?....pj!q..|r*..is5{r=.`..XOSt.U.....9b..#......E6J...a.~.x#..o..y.3.V..^.y.3Y...RHQ..o.8...k*x.^./.Y-B....h.:.|...88....A..?n]....M.<.g.~C|%0....Mn...W3K...L.=L...O.<..t/.s/..:.##....'...~..ak.s.5.........J(._O[ O..>..U.l .x.+...Y.......9.#..........h6.e..o.=.oV.EQ.x.{TO\...|.h.R...PX..t....8z.V.>....(.?.....}.hw..!p2...f.=....V...A...KL.D. ."..J.+.I
                                        C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\LyncMUI.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999843824066044
                                        Encrypted:true
                                        SSDEEP:24576:wuQyP3g7ysdCuTNLIyE0qXME7mxoyh7Sz1w8/vDIr3kJH2o44RJ:ZQg3g7ysRjqXMEKoyh7o1/nDWKHJT
                                        MD5:01EADBE98995C673110DE23E908EA159
                                        SHA1:284BA4D64B82BF6475EEE1B0FAAF590D683F2AC3
                                        SHA-256:C8837BF5C2C5F3417356A85B22FD1366C64A8F5806B571B5D5C4D48D62671949
                                        SHA-512:AA76AD18152487E7A2E8448CA764C2022E8DBCCC752D1689A86773C0EE83C5E21E371B95DED267CFA6A9B332D36B243C8715673C492CAA5EB41F0ACD6CE4E856
                                        Malicious:true
                                        Preview: u.o.^.....M..q...HD.-)............ ....w..z^H........;.+.}s.e.=A...4.....J......o.&JFzM@.d.=..la.1...;........5a..Q...5.8..:..K.$.;iC.xv....F:ET..W\..Qb.[s.... ...]q2...Y..<Zz.Y...fQ ...~......=1....r.wo.e.q.|.#....O.|.......:..;.e._.....B1a.3...wx}.....ZH....ra..Y..F{L...$..c[.......]......,.i.n.<D.c=..KtzTYBB.@cw..w..h.........+....HO\5..g....7@.....^-....PPV...L..X.e-...s.U..b.Y.&.....o.y..=.;..24.![.B._....`..&G....... ...o...,9.G../.).....[.dh.........^G..e....M....................&...'...........;3Oqj..R.mE~.....t.......T>?....9..p.7..>..H.@mK...URh...Zh...&|.r=...?.k*....f`G.tl....p....wW.s.-..>;d..z.t...<<../..>... v.....1S..*.^.A..].........yG^.....M.m^..N.c6d_......X..J..>..K...y.iy>..A$<.V...r.`D...]O6....G.. v.`.x......3.c4. .G..H.0...L@.0.O..'3..:.b.Zj..fy.-rhD...E..L.BE......... y?g.adp.....K.D..Z..\.k.... a. .<...]K.5....tN.8@.bd....B z.L..../.H\.[5.`A.(I.q..m.Y.r...nZ|..P..S!N.=.......FFW.1Q....L.-....7=.....qdP.{..N
                                        C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\LyncMUI.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1761
                                        Entropy (8bit):7.8760098643218175
                                        Encrypted:false
                                        SSDEEP:48:PtaY3IbRSD5e3S41lMThyCEcIDYyog509WvT3GEH0RL:PtTyo5e3f1lmI7hDZoCbGEUZ
                                        MD5:84DC3581EF1493C447D68B821F37F464
                                        SHA1:82DD98B9AF706DFF43941A9B9A578D8FEBB750EA
                                        SHA-256:875FA3992A1823ACE590EE0630E46DDE2CE4FE9332F63E6E1CD3E503810906A9
                                        SHA-512:D59113AB327901D3B10330C9888263C044E81E79B5F75894E6222A4C7F536236E02E31B8223F2541838CEF15680092985F1D490A62860D6FB746CCB078F1D347
                                        Malicious:false
                                        Preview: .[..c...au...B7.,....q.7q.8.h`.,K.1...u{.l.].!.d....dK=N.......A.........9,...?. .~.....u....u.C..'kg.........v.......n.0b..t3W.7{&...b..o^_&J#dO.d...Zu..qd...l..n....I.. ..ev..7e.|sb"d..T...j.{P.Gy....a..."@.~.2......aB..B..8.B..^.Nm..rm.O.T....D...Ir.i.\.Qk9.O..B1.4a.H.u....qI....n..y.{...(J....p.E..[j..X-..j=."....$.....U3.{h.....g.9..@0...?i.w....U...{..IB..\.D....7#{>N..e.....|S`.....i.x2..c.i~.v..E.1..z.}?.c.Z.cL.ub.j.....#V.zy?.`.5p|.LJ..B..-..U....fD./e..9Oe..<... Tr..1sS8............$..........XcS.d.Q.hf/..u`_y..6.-H.....@.^.Y..ONf..Lz..-L.....tW6.....<.IN.Q..]..D..a....u...2..xOGF.*./......+.YR@9w!..H.w%..a.E..#a...Jy.C.......yI....`......@...t[.... }AP./..$..<..MV.......Pcdj.rCUv<J.I.'.../.bG.......].V..u6.o...qUv...n.6..D....AP.r^...x?z7...c.tP..e...ud..q...0...E....5.5?2.kT.....|.{i+.R. .H9:......K.)E.......9s.'..o........X..0$.Z5..>..\C^...P..f..y..........&.W....US.S.(.....@..)._..6_....G..>......F..\..."t.m...}B...
                                        C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\Setup.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2224
                                        Entropy (8bit):7.917731526794936
                                        Encrypted:false
                                        SSDEEP:48:NGqaRHuKfdeDTnYSjGOBsXPORCdohErCfQZGj+I:GRVfiYnmoKEe4gN
                                        MD5:9EF8EFAED43BDB08AA3C9A9E1E91577A
                                        SHA1:68ED315B54F83E3D4FAA148B738FACCF1800301C
                                        SHA-256:1ADA0CB4E19654B6F3ADD92FC7792248A13F168E98B49519F54C72242BB549C4
                                        SHA-512:260C13F9B900E859A4FD5AC329DBBBC049EBF95C2E03DF5E92EC8804ABF45CBE3CCFA5423D0A5A9C02EEC1D380C13B24ECC2B7D8B4B5C2202FAF02AB636479CB
                                        Malicious:false
                                        Preview: b.I...qy......v...l ...v%.sR.#.'......R..2.;...V...J...cg7...y..o.d|.....n.}.......)eS.T+<....C.*.C...1o..g...!}.....(.&..h2..Xs....Cr.-s..d...7.m..Df... ."......H..a..~.W.....".K^......a.,....[T.V...@..\..i;/l-\.;(g.h4.;......a."..:..=..z@..r....~.ro.oD.G.}9.c....J.....,.P..4I.......'.....U...{..D...Tm.....tMk...X...za..3..|....n.#T...{....yz.R..n..w.......0_..9^.zm....I5.Fs...?...".t...0+..<.&.~..E)+...tX..7..{<l...^.0.....=......I..e@.'.Y7B5.i.#..<w..&....C.....mc..K..<.............$............NYjG...r......i....Po.u..4..{...l^.uw...w..h"Ut(...Ey.....y.......Y.y/..).c...=..*m.'....l..B..&... 2.B...|..;0.".4.^;.]A......W.9.......l.W...dW....8.....;........p..-wF!...........h.mb\.Owp..N.*rZ>.F.-..8.>_../,.ju..........Z..#Gj..v....r0C:)...`{.....0/[4.,...~.UU....7E...N.....[.5~...4.* ....Z...x.5.1C./M._..s.I.)A..6......O_..Jk1....t.....IN.2..?..x..O.l4}D..;.[.=+Y.R.(W...f.w......a.6>.`..$m..>.].....SC.U...-..E..=..+y...l..
                                        C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\MSOCache\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):17167
                                        Entropy (8bit):7.9899651202542845
                                        Encrypted:false
                                        SSDEEP:384:kdBoD3YU7oSVOeMhU1cXMtHyzQdigyD13FXXblQdy1gcEDER7Amv+:IBqUSbMhGMwHhdQD7XbUQj7+
                                        MD5:8C2E9C213329245497B2263A3593B875
                                        SHA1:2D538199B373DA863D785493F7025D0CCF144A2D
                                        SHA-256:3102523019596CA4C547F375926CC5E59C19CAF70ECCFCADED6C89A7772FF524
                                        SHA-512:1AD9741D40FB87ED1936B248762E7BD65FEEA81F4681FF8F474C4882E0BF801E7DF9789000751C294A50964A4D44E491692AE99B3796D8E63ABC4C48FEF6693A
                                        Malicious:true
                                        Preview: .2z.@x...6....d....i.Kx..oX.;+p.)M.;.*=_`oN.OL..4~T.a....h....Q.K.%..W.d..(...c..YP.../..<.A.|.BY.....}...g.o..+.........h..b...2u....k.E..dwzo......%\@W.....T....G{O...{...v..0P~.g.F6.f..0....r$.wF_>6J+x.......F.\TaQ.D...L.....-....I......z{,]..}...!.%....A|.....0w.P..*.U.]. ......6.x.%.......Y...i..........B..f....1=..4&.....2Z...}...Kz.1'...Y.B"W...z.......d./...F.......c....pX....PpGh..J.,v{...p...JLp.T\M.i="}sA.>6...v$...{.sb.Jm..{.....>..1...zL...X.J...R.(.p.....h.0....7............$..@.......(w.E..\B=.j...j....9V.N.&Op...B.|...zE.W..J]}..r]<v`.~.._..z6:......903.........w./..EibZ......[s.K(..k..0"..... .=.%(B$G...Eu:.6.'.......i.....)..9.~`(.j....-R.)..T.U......m...b.g..p..Z.....E7R.p..!.1V._.....Z...[O\.2......e.}..._2.......)G....\...............D?.=.(1..,5.8.....x1_.....s..z4............c.fwY.m-GR...'.s^...^.V.A..i]f3.T.L./T..NPw.&..b......=.].TC.6.<r....l..;..9.V.P.V.h%..f.[.d.r.o.....Z.$aM..2a.9,.e.........p]U..5.f.
                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Adobe\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\AutoIt3\Au3Check.dat
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):13465
                                        Entropy (8bit):7.987174400062685
                                        Encrypted:false
                                        SSDEEP:384:dlS1XdTB/Iq8f9d4WCzTUReuj3gVjGKk6OTE2v:d2dB58V6WprUjXkHL
                                        MD5:CF6263647366E31831A4766CFADF5DF8
                                        SHA1:EF3F011C8CF511F698C8104237722D7CA5D00B21
                                        SHA-256:E7E62D0C343C63CFA93B03E325020A71DCBDC49549DBC623B690E0D38EF5C30A
                                        SHA-512:AA12D618D911E1A277F79DF60A9F1526CB1906D82661B8F00AEA05B38AE835BEBAF77753E31E4A2FB355D68DEE90289667701E05A10ECA2816570C71DE6455A5
                                        Malicious:false
                                        Preview: -c.b.S..w.C...2jl.qE....dE.....9.OC........:z"J.?..$B.8...H; .....e.u.J.~.@.Nd..V.N...c...Ji.K.8BA...80.....vEce....>.5...F4...@rt..FRL..."..}.x.k......)(...'wU.1..Y='...../.*I0$.:\...Sl.....n{.....]..e.P....6...&.....@.;Ms.....a.8..u.'y...xTZP`+.jR.p....=.{d.......a./.l.C.X.....,A>:...o.h.[..)%d.O......L......G.0f.....'...3..YQM"...G.I....._.>u!m_..1].=..D....W.azk..+.....m$.a?t..ws..c....%.......m4.~H..H...&........Xt..I..Lvx?.h.lAe....3..?(..@/s<....<....gI...OW..N.3..QK.'............$..2.......x..K)....k...3.-c.@..v..T....J./.q.tG0.,..tp.&..BW.H.....A..7...@.;o!rM.b...>.....3.......E.U.n0........u.h..)...n...Z....f.y..H"........v..E..$.%..,...;.......*...h.....0..c.r.jQ..+..&..-..U...CU./+tW{k.1.w..)+fe..........=.u}....q&)...#....#..#Q....<......o...^.Dq*w...]..m.O.....^.......8.N...|......<...8..,....^..f..,...r ..X..(a.*BG.F...|..0..RV?.(...81.jW~f`..[..I)*.....Y..+aZk..q....E....ttP.g.}.fw..F...F........PN"...h.....
                                        C:\Program Files (x86)\AutoIt3\Aut2Exe\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\AutoIt3\AutoIt v3 Website.url
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):738
                                        Entropy (8bit):7.679438524147927
                                        Encrypted:false
                                        SSDEEP:12:j3BhNL0MZn/+t52Bm3ElLAA3WDkc06e4svGzPgpRTmiU+ouJ:7Bv2tn3Elb3H16svGzPaTNU+N
                                        MD5:7432EC786684F18D0227FB83DFC419BF
                                        SHA1:7869E8447E6CF6E521A6D494BEDBDD01F017CB38
                                        SHA-256:5C6CF5AA8F8922CDA1BC4AA60A173279A4EE616FCA07B46D3DFDCCA1DE5E1613
                                        SHA-512:0DCF905BDAD3135CE98547BFF211719541DD2352D5DE587A19C1E0AA0DAD1057199D7BC898980C748AA464FB521059F316EFFA157DD19ABD5D37C947E492DD5D
                                        Malicious:false
                                        Preview: <t.......?.Z....o.x].9V.[..[.....\..k.|.5.+].:Y.%..>..h.....Q.3..F..qa.@...$..Umk..W=.Z.=..S.bm....J)0...S-.~..>..`.R^.A...f....Y."..r^....m.Z]X|...e..G..|`.6k.Xf...$..8.Rp.,....@=......tq.Qv.S..........69;....T.6...&JL:....P...k.a..6..r.....?..T..gA..p.(6%.i.oFJ..;.6.&G.T^Pqn.%.X..4ua..'!...qnj.D.+..^i..c..\...,.6@}..\......9a.q.^`^/....\..,...|...j7..d.p...&@{7$$.c."P..2.J.;.=...j.O^mH..u.....V].QD.y$.^b..c..}....F.. Xf.>.+..~Y,.T.E......6..#.}..... .\^.o.....:hU..E..e...1..d...2.O>...>.I(............$...........l...P....}Wca}...g._.JX<f....YE.r+.m.Z.dM*_......;............ Kiu."U2A.o..8YI.?..\.....T..U...!...0..mr.c.;......bH...3.D`.|.......}.Y.........&.Wk..o.K.o.5...q..L.,.".s.\.ath}...;.e.r.oWTl.).
                                        C:\Program Files (x86)\AutoIt3\AutoIt.chm
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3503234
                                        Entropy (8bit):7.999941373146269
                                        Encrypted:true
                                        SSDEEP:98304:uN4xHbdKRMdiG+60GA0HjPgFNh3yepVJu2kcvp:QeHbemX0oUhfVJuwp
                                        MD5:6AF98E8110C920BBCD418DDB7EEC9310
                                        SHA1:5CDCD7563602BCFE24D8E5E95F10F2DFACA69C58
                                        SHA-256:1258D226737D75E9DCAA8FF4E69CDE95C147C90DD4DA4C5DDB903A907738885D
                                        SHA-512:988B0C722C754970EBB75310BD4BBDBBA1FBA836D86BECCA86526039D381EB96610EC648034F92B41000492C15789B6A2021D0EEBF123B2BD8DE5A750545619E
                                        Malicious:true
                                        Preview: ..\.mi.......F?YA..x.K.m}.....>X.i...0.....N....t.\.......\p{..'.......Q...gE..K..O.)J:..Ska....D.U.....:,...?Wb.$.W.....!.....:Y3...d...I.!.~.Nx.8..)......3_.4.u..Z.M.....^.F..<..g,S......z....o.*.....Y.2.i..e.f...U..'m....1.`.....Q.(.. \.....RI...... ..J..e.8...}.y........mO6...{......*..q......;.p...s..3..&.V*e.m.%Ap..vwl.,........J....~.7./..Z..7q....p.YvdL.w.i..N[..|i/..m<E......7_......4.F......~. .7..[:.......W..(...WR,q.....E.I.l.7..?.....;........Mm....]..X;..K.... =......S.............%2..j.....S.O.1....B..Z..;..JPX./q... .!.|x....m.=o...^n...6>.q..+.Q m.4a..f.%<.X....H.i#L..T..v(\hU...5........>f.h..p...rGt....`jB.sw...x./*4...Zj Ha&......>@\.Z.K.Fb..zF!....u.o...G.e.......3...A.8.qW.........YkE..cv..k.^..|h=tq&...D..G.k......0M.A.....^..........}...tt...jV.\........N...ar..S..`.70..W?w#...V...{....4..p..T..9=....3...S.^7.`.7..R0.+......? .Y...IU....D3.!..@.L...U.Z.>.D.hLy%.y.....r.......q..f.W..n%..&^m.[..o.3. v...`o.r..Z...,.....
                                        C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.chm
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):201012
                                        Entropy (8bit):7.99917160440267
                                        Encrypted:true
                                        SSDEEP:6144:T9w6KGZU8XTTr9yWliHqpiooAcsD9b3g5b:T9wqNDX9yWsqpU9sD9c9
                                        MD5:59D824D2414C4F1EBAA4EF0F2030A7DB
                                        SHA1:C04D319EF5614F94C607CC615D65909C582D5A4A
                                        SHA-256:A8FF156CA3F0DFD670A1ACD2D7012C7C7F6779D71EC881CFB64683A1D740E5C3
                                        SHA-512:E208965B124F5735F833915AD493BE95B3101F88DFAB7A6A9CDCE7B362161BFBDC7CDC27F3218DC7AA4A85BFC835DD75B2A45A26C1C8037E6B05E65F2B9E1FA9
                                        Malicious:true
                                        Preview: .].sy..d.PbQ.........:;]\CG."..}...5.I.=.T<..Q..+Z..A.@B...T..Hv&.a.. m.["....5L....z4...7E.Y.cSs..g/..9...)z:._.=.K..\;*C^g..\....<..4....#v...!..f..EH......2&..t...42[`.F.|2..... ?...uS....V...............K...........IG=....E.nQ...o..0...L..`.1u..8.C..A.".$..$...F.1.2....6.HK..\.JZ.........4b...g*.B.H.).S.B}...87ZKmk..S....J..9&.;.'|..cH......{1<..(5.)b~..).`v.s.e.3..&..|5<.(Q.Ae@7.@z...B.. .o.....M..|I.j..:....I(.I.(.J.0.....RxD...:.'i.w(.4K....g.L.....O.-c.6,k........c..<5b.r.............$..........3.]'...&+-hDf...qo...1f..Li..w.X".."..VuJ.Uu3...>.h..9-.*.....q 3#H..Y.4D.@......}.....;...=.u.bN...b..L? J9.j.v..........R^..{8...O}..........B..".^....:4..V>.P..o.9`x..R}V.Z.;...1.>.`...7D.....fV..*.`}o..~.`..f...DhW?\I..i]NBL.T.I...i.'......T.t7.?....c%.u.....Y..l......d.R.O......P~Ftp...({......b+.x!l3z..t..R8..\....B....8.R.^..J.~.oC....SAP.!J({..33.;D..Cz.-....!..qi6...z.y..JB.]&^..U../...L...k..8.i..w.....5s#l..YZ....?.}....
                                        C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.psd1
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):26952
                                        Entropy (8bit):7.993314874815378
                                        Encrypted:true
                                        SSDEEP:768:HbEVzkFl9L7uKAgNfcchfLqO8f43oaQUQoaok1G:HvFl9Pbkc1Lq7f43oazbz
                                        MD5:020A5002BAD3FE9032C3FA2FB18C7CDB
                                        SHA1:0AC090D9E9E5AB91E0A42338C9E6332A4560D17C
                                        SHA-256:9F6ECA6BF98707323180249A66A054BD735A6A56B44D9066C37EFFF291FBBDEA
                                        SHA-512:548A0D33B27A58B11AA14C7520B2B92AD3384AE1623910C3AA9CB3A7212E72A4B57AB3576908D8BEDADCB2596DB0283FFC5260B6AF1B26F0977B036CE4D7311B
                                        Malicious:true
                                        Preview: ..XTvZB..}..Eh.eWE#...6}..'..8.|,.........i0{..x.US\s..3..G...:.^.....'b.."N.(.RW..'.H.....Y$.......'...bvID..k...@...........u"..'.0|...6.[J...u.v.U...T..*>>N...::.....%. ].-a.D.M.0......?.M.......2.jeP;................z).t.w.x+..\.+.z.Q^+.iL'..!.*Jo`A....Td.yk..H...x.1.....7}....X.w.....#d..Un.Y..l...j#J0.5..........1d.wt....P.^.)o.l%:.....N.....-.#8..C_/1.......x...P.h...t....*N.5.>ag;...[a..B......J....K...8.....]...,O.:.e=..0.J.........y~.GHQ.;.m....a.z...j..8C....k.EG.............$.2g......X:.....HI..;NW.Jy...:`.I...Q.8.#\.(.h.C....3.7.9..Q.H.<k..!.....1.2.H.....w....P.!.|PC.G..b.....\_Y..&.9..6...r...:(..b..*.....k..jAO.F.3...bd......g..#..=W2f.;S.S..AO..~p.pQ........G<G..n............q..FR..H..>f?7...;n<..7..o.y/.[s.o.Y?{a.....Rj.g.w.S.L...h{2../...o.&.}.g..IN;.../.....M.Q.uS..E.(6a5.s]......./...zj#...3@..~v.>2e?.s_..7.a.>f.+@~M.?.....]_.~<.'..H.&..o......L....../.....:.#y..D$.4_..).G.......v..y.U.x@T(....EH..;...a...
                                        C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.Assembly.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):50052
                                        Entropy (8bit):7.996699306063276
                                        Encrypted:true
                                        SSDEEP:768:GBv8xew+MesDKkYk1BNtLzD/mlS99QsjGKzbk46I0WbEiduc6mhY2u5YURSlOc:Gye1k1pLzDr9eKs46I7AiEIY2WvRJc
                                        MD5:2E9CCB0BDA57CCEDC6EE6E23B9925AE4
                                        SHA1:4E41E3B4F0F257B75946E5386CAA9F4713C9AC82
                                        SHA-256:5C9DFEB276DC4DED75EEB7F88A70DB1C8A8D08575F525BD07AF20FA16DF3C215
                                        SHA-512:4046DA12A37966D57124682DF8E9BF5920083CB862D5FE0A001E0851553BD372A1FD7E037DB22CFB25B2223ED3769D102E93D198EF45C0CF6A2CC7BA73613D49
                                        Malicious:true
                                        Preview: Un8...%]Q...0.....C(.....7-..........Pd...g..^...o....AF.....Y....+.e...#...;{.WS..I.........m....p...5..<.+n...<.+...FI.h.!..j..VV..!+5....h._.d.l..*....0...J..|uX.N!......g./.N_N..n.:......U\,.d.;N7o..+.....g.."..?..W..}.s..q. ......7.E-.9..lp&.....=+.]...N..V#.K..[.....o.Hn.A.1.....b.f.0H..>.0.p.<...%....D....P.....h.....k.]....i.>...L.......-.J.O.k}..._=...E...[.Y+...}.M..&..w...v.v..l........J.|...1kaD:.3Hw...@i@...?2z.z...Y..P.*^0.{.EL...pW..A..3.<"..TW......W.....m..'._.............$.n.........y,:..._.....o.....p...R\:....G...s.1A...&......c...>.;........+...v.c.=..E.i8.i.?e..Lk..Z...hr...\N.....k...t.............2.3-.. K$...Hw...u.z.%..w).6gk...J...C.....L.Y...t....?l....S.....(.c....%...............W.'.*.9.`.Y...f.+b....NT...%,..t$..e.g.R....{....j,. ..Loxxe.w...N...?}..Q....-1..u.7xX..V...X...n.'e....T&S...x%`...2V..N ....q.....GLr .w_m6r..O..l..j5N.C...aR..1........{^*.E.7..N...uG..W=......L....Hw.r*..L.rq...^\..LWe,.....T.{d.<
                                        C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_DLL.h
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):13527
                                        Entropy (8bit):7.985934969490232
                                        Encrypted:false
                                        SSDEEP:384:T9DkU4k3AXIK5BUHPOKoL3dEaIHAMVRNFd4/:5kU4kOhBwWK+dEzVVRNFW/
                                        MD5:CEA87C7C48E720D6494871E5B2A489AB
                                        SHA1:1CFAD728969F45C3CCF5B1A3B64D4757B9AE280C
                                        SHA-256:2F581E75B6650E87705D13518753930EEE583949F90731DE89428A11424BFD38
                                        SHA-512:94876392E9DF6B1D38B915DCFC650D4C728206437B0B3515D851BCBCC74D807299A49AC3131752F1226717F8BAFF65D03B99F2E762A76291CC0171ED137FB8AB
                                        Malicious:false
                                        Preview: ..5..|....\..;x.]^4..g.O.qG.O.*.r.<V..g..'..zx@.=.%...O3..{..i.D.!.f....v.g9.%...3,{.1.....n...p......IcP..G..X...B.z...j..:...2x9.E4rl.....r.@....;......._..IH..dm#......d........,.....?6.6.a..M..:....Q~.u.;.[. .Z......>..(.0.#....}.o.J=.r..J.P$.o.8....j..Lb..@..+.3...};..YF.`(b..=...6..th..gA...0.Pz3l.g.>.2 <u..7R..$..<;Gx.O......r.*.zE.y~r...............v...{.~Ij.<.DwN..E....Vn..Oz..G..(P.%A0O.Pj..Z,..{q.....wt..$..Q".sp..i2bf.....T..:.?...zC...lz.E..g..J,..*..V..7.e.`.a..b...nU0hv..%#............$..2..........6..^...$.....<........E...Aw.)....N.RS..X;.P..D..x..tU.Z...o..Fx.......\.%...$....u'#<........x....f....s.Yc.........uW.,....".QGA.v...D.c...1k....;.3.......!..i$..l;.%.V5T.&"...@.....y...I...k1....J.......7...*H..<.6Tb...K..M.z...V..F..em...0.R........s.-./*...wp.....C..L....Z..D..... *^Z*..P.M.@GC%V9.....jh>..$. ..I..6.....Pp~..8R...Y.......nv.P?..*......r..L...........*.=......yu .!I.od(.`.....+b.J_..+.W.....Z5]..W..2......k
                                        C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_DLL.lib
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):29510
                                        Entropy (8bit):7.994076060209651
                                        Encrypted:true
                                        SSDEEP:384:3R6rc1CiyGXRg4HYDY4L+IDrErLXp0xHgQjo91EeIyNrVzSr1MlP/IoEbJniHfFq:B1CfGXRgLKYm83oBIyNrVurpoEba2h
                                        MD5:D80321D512B1C4475D58EB2B8D12203F
                                        SHA1:F4754755CDB665B01402B7D52EB76148BAC866AE
                                        SHA-256:0D544C883FBF7E065FE9B8A0DD43B7696BE6259662061DADFF8E1B0CFB52F9C9
                                        SHA-512:A50229BCCB48213BCED0EA74028B68A27FA89B9328AA155073A51D2EC40D685CCCD8F1CFA6C801EBB4EA1059E09A07AAB7087F610C402BDCC71154965A0E5685
                                        Malicious:true
                                        Preview: ..<,.]z..D.'I.x..O;.. iu.,.r..."[..6.9..-.T.]...22..W.TJ...hs;.M.P.2..$..Za.,...|b...&x......a.a...^.H.}T.k.pj..3#...c..5...K..-...h..A~q...i.>.8.=xn.L.=........=.....J.g.9B.*....^n.d.c.Ui!F.S.ho....L.q....M"t2....H.....?.....r....k.v.~...Q`..[......%'.U|...;...0.........fH...}...k<Lr.....i..87.{.....>.k^,sm.<..L.......x........."Hu~.W....R.......-.>...*...:..rC.'..S5F.y!..A.. z..YW_n../.i....0F..@.D....."...mU....tDMI....:..)69.Y.K<....YA.j#......x..BZ.z..Y]"$..RV.......1..5...&}............$.0q......M>(.Tq[..k.../..5..L.:1..G.Q..W......g.0.....1..Q..D.Y:..{....r.....r....K.b.....#......OW..}..E}..o.....[.r._...@........Vh.j ....{7.......f..'.8..@.b'.JG.:.yt......t.5.&........)....../Pl.Q.{(.)...L-.*B..%J..6....O..#.l.)A.g....0.:EP.e......O.y/q|...k7Lj...LI+.P...\..Ck.".u.V.....d.?....u..?a....mB5..,'..u...."....:U*...A.[2WB.X.. ...<U.Y.P.z..n..k.n..W7:~"..e!.;q.p.Yy(..1.5v~....r4,->@..Z..@M...B.".s.._j.yw.}..~Ku.n\......Z.V.t?(....
                                        C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_x64_DLL.lib
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):28080
                                        Entropy (8bit):7.993266078014019
                                        Encrypted:true
                                        SSDEEP:768:Z8QpVS6xy4FGZoVW97XPBjz/8W04dbESWOechoEfo93Le:Z1C6M4F4Z9TpF0ibESW+hoEfo93C
                                        MD5:338108783575507099BD632328DF03F8
                                        SHA1:189C4A072F6A5E1C50246F1EEB7C3E10D458637C
                                        SHA-256:A072094D78FC97DB25EF55D190D7B75CBFC2BD2D2B02BC0DA0C6BACD5D52628E
                                        SHA-512:62655EFA2E322635F24D2DC102D6FEB60DAC5C040E1AB84580FA0F87DEAE86198B2824B98E8208AFF438941280016A4A1F4D427908F52CA23857C3D12DC15D96
                                        Malicious:true
                                        Preview: -........F...1.....{<..j..:s+kX...l....^a.P.....C...0$q.T......\m....G.c...;*..g....|..{....!I...z-......@'.J.?.O.......wA.6O..!^..n.E.\3H~6.d.{.sHv..Bn-"w.a...........ox..<..D[xx.T......m..*.3......z..^......a.......sq..V..o4......R.....B..`.d.w..eG.......{....c.7....b<J_....Ud....F...MK.Y..3".e.6M.......!@2}..<..O......h.F..t.;...[.....6..jT.....W-K$...7.L....#...o.U.o.Qt.V...G...|m...$.w!......|.....!9.........._.c,$`.+oe.z......5.:......h.=&..P...1U.|.Vw.)..G.....?..4....[...............$..k......S...1...%:b.5@5..G.Dd..s.#R.#...K5'Y.../>.q.m..1...r...14~..I..a3`..B.]....2"y.9 .G;..x.....$"...A..M...%>N.`....n.2.8a..(.O.i.......w.>.S'..P..Y.VT..qK.\.....M....#M.k.>...k........F.b.<...k3XI...9...W..F+..c$@.$....e.....f...e.*..DAW_.3s.i`.f.........QY0.v..Gd.$..EhW&Z.U..@!..sx\2.<.......]..c/.k.C..i..x.. ..._m..&I(>/.b.G0q.B..!T.,..W....Dn........3.......x.5..:..~8...N J...sP..QSg .H..n[.6mI.g.BO..p.z/A...F..i....u0@...8....7..-.E=..SND...-...Y.#..
                                        C:\Program Files (x86)\AutoIt3\AutoItX\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\AutoIt3\Examples\_ReadMe_.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):741
                                        Entropy (8bit):7.681668880177418
                                        Encrypted:false
                                        SSDEEP:12:rqGGuCdMExiHMiQ8Dn66Bo5xtKM5oC0/CT5gf7e9r1BkW5IxPVjKF:+asx6n66otuC0/Kw7o1B6PVOF
                                        MD5:CD08F4A4F2CAD965272AF04C04F3B08B
                                        SHA1:2048CF1588B48BC2D8B97CB9C718533F6524AB9A
                                        SHA-256:E2A4CD05AF26D7CC7D769D27FE9A2D0DED52927B5A7DC009323CF355078B7708
                                        SHA-512:0A15C162BB0C409A0D2C1C6A0447EEB15097BC3CF94C1C97CAB3232D56B5AC5129B6B20A8EC0F3695FE32ACC9784F343C990549D9121280B796B24741C087FC4
                                        Malicious:false
                                        Preview: !.A0...A.......F.X=w../....IV[..R.@........r%KY....#V....:1..*..IF{...+*[l.&|....Kj.R\..o.Y..xT.J3.`.m.g....X!..&......"...jcI.&G<0A.j...~..&8.]...=.C...t.1!y:`..r.M.;..-.......o.._;..8/hlRs....c....u...N......n.-PY...0.M.k..`O.RE8c. qx.....}:..j..1z*.].......Y...o...2\.A".QB.......%..8......:.y.....}...."....R..A..;I.`...6.?.........X..y..2.....>.1.3$j..X.>.....#.9M..e..."H.K.J..+.l.9R..(.......,.../fgfS....!i...b%{ltW...I......j..t4T........k.Y.q.fb.r..,8.l(.^...+.......)..................$.........uO.@.......j..x..9......MC.cq}..[Tj...&.K...z.....P.jGm..<@...$...mL;....z5mG.V.Q.......X.M...+.o....=..E.C.nM.6.,..Y...e...~..K.5.@......m..h..rnwf.D.._....:.q.[..R.:.)...<...m...S5..0.X).FH...
                                        C:\Program Files (x86)\AutoIt3\Examples\calculator.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1939
                                        Entropy (8bit):7.887848202862027
                                        Encrypted:false
                                        SSDEEP:48:L8OQG9nSmYN/2Rkbz+dhRCQJ9umOV3xTWC8KcL0jG:LBbnSmYN/2tYRjVcC5G
                                        MD5:0C89E22A95685327780D2E22C726A4D4
                                        SHA1:CFBDB834666D43E93330674E500BADB7A6590699
                                        SHA-256:26033182DD807B1C4D3262913EF758FAFD472FC919270A5B2888874345C0E5D2
                                        SHA-512:05665D01A8AE8273C98767308F283709E4F1A02BFF99BE930F4A84E566DAA1040E38835EEC4EC6BC1E509FEB1D99253C048846A953567BD19F9F897F81AAA286
                                        Malicious:false
                                        Preview: .k...zx~.........m..R..j_.i....C<]..).....'.S..3.._S.}!OE..=..?..X9..._.2.v.k.}.......Q.]....~Z.#~....?...,.. .W.. .S..rf.$.s.98.u(R$.t..i....pl=.U.~...B.x._N.+..@@.Q..{..]........7.nF.:y_od.`H...3.S.C....\.9............}....n...w...9....3....s.......Op.U.8J....5.p#&..p.;+....PCs..Wg...Xe...\J..]&..V.J#$Un....E.$..F..........d.........9...0..a..b..P...NAX.%+o..X....V..}.Z.........U......9._.. ...~.d......`.....j!Q.t.....M.@.;<J.......... s.....X..ls*.....r.....ED.....<....#:.8.."...............$.}.......S..#.0Z.$...xJhEDu...*0qu.O......6.-.. ..;..u....,.P.. '.\...p}..:.?c..yX.k.d"+!1.^..I@.B........u.CB.{.1....,.&o..G.W.h..].........B..T.j....d......!L.>"..H...u.96..'.\.7.0..._.N.....m.C...M0..YC..([...q89...s..... ..XM..Z.>Q.r.....d.f...j.r...:w&.Z...KD.v..}..S)...S...@..A...\B..>.X_]n.V.\.xS.h.|....t.Y...).?...;..T.C...t(~..4.<.S9....\x.B......,C=.|:=-TT......}._G......N.....V.'..1.:.w..@V....z.4.....F.-h....'.r.k..~}..9"..{4.....c...[.M.
                                        C:\Program Files (x86)\AutoIt3\Examples\count-do.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1711
                                        Entropy (8bit):7.8758519806717935
                                        Encrypted:false
                                        SSDEEP:48:LaHTijp2ofQXjYG/CXPp0azLhqf++K78F8cjAC5mis5q62:LazMh2jUWazLhF+88F8olTs5q62
                                        MD5:90B562582359B537134291EFBCFD2317
                                        SHA1:7E8B9DAA1763DEC52DF119A05D5710914BC7E4EB
                                        SHA-256:58B8A5ABECBEEBC611645E8FAC972E8DF1F0A9CAC0F51058347C2968AD945985
                                        SHA-512:30685BD5614DD202525C5A9876D32FB3C710E0C77A574AC1FC55A164F63ADD51106021FF491F4FEE31481F444F6A6E32C8A788D893A44A6DDA23FAA3583CF08C
                                        Malicious:false
                                        Preview: ..[.....!CGDl..kU....5!>f..X..a...@n}...L....=9kp..fJ...E.,..7~z.....0....9..1r.N..."8..QK..-.......~ .W(..=:,..>.bu.B.....ZE.9^ g...cB..Br..'0.|..S...f..mAo{/..m...x~.y.0{U..sJ{Z1.[(...4.r.)&.5uv.tH.wAo/....8..L....,.~E.3;..*...O..&l..d.9l8..U..{)].....NH...;.....+V......Z.%.O..'..U.'.h....fG..kF./..J..._@Ki.D&...,...?..n.5?#.P..r0.F%^TK....T>.5.aU.U$.SPDP..|.=1....VA...@E.\.:...a.V......L).S...D%..i..M...X.../k2h.....M...P...=...rF.=..n...W.~.v]..5.V.0o.J..%y..28jZ..Y.{.........gnM.k..s....Y............$.........*hy.......T...ROF._8..N$(>. ...S?}R.T.B/....@*...a....$.j!p....\V.I..f.$-..7.eF.mEg. .auJO.....3.?..dme\.|....NW=.Q.&.l....k.p.0.c....BSyNx..#.I.pM..`..:9............r.-=..g."E..kFC,N..H.7D..e\(rK....i.....uek6/..3G..m^8H..}.(n...`.I.j..D...A..`.|:..0..K......^...U.....))............~..}m.s...n}..U.hEG`/........|..(....t..~L..N..QE.f....Jg..P..u..o..>^.........!...\..+.Fx.!3..e..b..-......:...q.._..[O. ....1.....2V.....V...OR.`..H
                                        C:\Program Files (x86)\AutoIt3\Examples\count-for.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1498
                                        Entropy (8bit):7.868956404166575
                                        Encrypted:false
                                        SSDEEP:24:tYgj+qUKxxUbwBjTEeDcOnSlLKs8HyWUzECfWhXCaw6TCj1Y3dU8vbVz:tYI+q7NVcff+xEWhXhTs+vBz
                                        MD5:6509BCD79560BEBF9B9839E0AE5920B9
                                        SHA1:C1CA4BD2F2DA47CD5E7D6EBC3C39A594E4CAC2A7
                                        SHA-256:219224EEA8CC4DE877598EEEB88EECB1D3898C308EEFCB1F553BFB37B14FA93B
                                        SHA-512:69C076DC9BB4AE51B35832E5D3698B46E13E7178B1D87AF4C18C5951DCCCC25B2FD69FE80E9259BC3F40B4551A897251512D396BA396E89628354B65EC57FBAA
                                        Malicious:false
                                        Preview: .k.s..6...1...c.._..........}pO/q.Z.}WW#.g.1#.Dd"...#.=..!..f.'`..8&.8|.E...... a?.&xdQ.1.`.R.$..{T.................\.2....eZh..*n...s..$}....R.M|R.dK..../pW...?.a...h.....O......4.ar......P..f.!.....q..Wyx..kW1G]...z...0Z...{....._.|.K..f..N..C{.`h-..g..\....%'r.-.&.....NRhV.G.:...1:.c>'Ro.........u.....t...A{...q>..4.............7Rv...9.''_.T_....q.!G/L3j-Du.h:,.....X=..s.#"$..:.........=....%R.>.....E.2."...E.@....%...J..^.......F...)j?.ph....'.jB..V.)@.;..0..Z/a/.t..s.............$..........dn..;.....?..(I.M..'.7-..r.!....*.S~&`.]P]...ct.T4 H..m....U.....V.j.....jPu......6J~+P.......-.....I.aGd.Y.E.^[_....pu..}......6.y..)w]..s....:).Y.j"E. .....9.......Q...M+Z..Qn..L.N/"i.F..?...{.....b.....Cl3..FYG..`t3....zb...ig...>rxJ28...|.9G&.F).?..^....;.+..t.....X.!...........c.......D.!.(....m...|L...y.]..RP_.&..#....-....5.]....B3-+.9b&F.l..u..H....;x..6Q......dV ...|........(.2..(...q...Og.H...6x.G...V..T..-.<5`..L-k...aA...o.>.....
                                        C:\Program Files (x86)\AutoIt3\Examples\count-while.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1703
                                        Entropy (8bit):7.890003769017146
                                        Encrypted:false
                                        SSDEEP:48:OPd3HKj/IF4WvEeq5j7652vQqTNH37yzD0un:OPd67gbqfPh9WZ
                                        MD5:5D6B75F6D7E8C474B74E8DED71997768
                                        SHA1:92471DD63BA7A16A4016E420BA78D5A7C743E9EB
                                        SHA-256:83F5C8C61D003810076E15E17088F2DF15312931D9DFD67397BE71BD7AC1CB9B
                                        SHA-512:63AC54988A58912B536A663B7081449E1FFF4705C095E094DCDCAE9471D50533C582A870C501688AC755A8F49F4C4EED5965B5A1353D76FA2B663E557DB0ACE5
                                        Malicious:false
                                        Preview: h?gN..L....i..xw..........HZ1.M. ".....`..z1..#.Z...R.yGb7.Fn.8.Na.x...SJH~.}..n5.ry...fd(.}d..."n..D.M'.{...`..m.M.=.h..g.V.l.hH...&..@.ZG...;.I.bM.D...&.......-^$-...]|.].^U`G..).r.RY..z.......M......p.....m.E.x..q...c#;E.p..#y..p...(D.9.a@...@.Y/Y-..n..W...%.hr....Z...J..(...[KI9.h6....>..../..7..M=.Uc....Mc........."._......D.D0.G.dg..P..{....F....-..;.....%...Z.N.tc.Ek)G...A.......lQ.s.?s.'....!XZ...C.P.....g'..oV5...^...t|.P&...#$....."..S}..@..J.."...GkH~.3...t.}h.I-4.b.O.............$...........=...qF*D...n.......i....[Q..Y. .}E8._ .$L.nX+..yP{F@5>g.........53.....c..\"......S#Tt.(.@.z.7q..%6...N@...\...B.H.Pt8.y.e...[:....5.FW.C...0<D>~c.*[";..=m~.....D..4... ..Q.(.L.^.O.....R.....,C.&..w....?A......#.Np.p2f(..p.. ".u ...=...t.M>.57..Q X.}P.P...3A...^Uv..?.k.....|.....B..c......2..H..@f)s.o....Vf/..,F..7a..%.#.H.Vg.i..^R.....t...A5........?FD...[(.8.V6j..iq.S..-S.........o@...D.r]C. .lq.>l.R......H....1.....). ...I....Ls..X3{.n.
                                        C:\Program Files (x86)\AutoIt3\Examples\functions.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1691
                                        Entropy (8bit):7.859578003713786
                                        Encrypted:false
                                        SSDEEP:48:cSroV2c6hyBnNQjT1koJB4O8OrnI8t1ZKGqs3Sv:cORryBIT1tJBZPtXoGqs3Sv
                                        MD5:59E8D857D5F015A6A50D9BE72F1DB590
                                        SHA1:4DAC1AEC26AB91C9F4FF1E2CE30F4815CE3D7469
                                        SHA-256:12B13B8F6021DC9C4757349A15BBE33AE96539DB9D6DA4D010FAD703186DF05A
                                        SHA-512:E6F8DE1A86D29CD97F2BA88701DCBD780D251846CB40EEB177D980D8092EB9C535FA0029301AD7966119001246769CAAFC0F74E384418C001190271A2A6D81A7
                                        Malicious:false
                                        Preview: K.t.uit`\.yD%W.q......./.....K..x..O..Mlz....d...cY.........[.....gI|....5.....R@.... f...M.ZL........2.......Z9A...wY..e..z...%\...Y.zv.._.)...?......K...x....[....b.X........rj....QV.^.p.....].c.5...M....U.....}....7.....uP{~...r....#..../.{y..k..'.-..pyi.gL..(....ZX............>.p)[d....d...R._..T..Y...."Hq.G>.y...V.!6.p...t....._6....P.7.r5..H...=.....^.m.\....M.=...:D....u..*P..g.Y.......r.B.Wh..!..(q...wG......G......a..........5$S....Z.....#W.>.....Z..iL).../.C.J.L.............$.........b!.....q|X.'...q..... ..kkji.3...h...../...u....*>t|.a.?q#.*..>.t......5..q#f*GLO.T..|4t...|.t...]....[.....2|p.h..O$R..ey...@.Z.._S..e....z....,...c...s%..~.zN.09......G./F.4_m._...%e..o&AMU.~;x4........$g?....A..=.M~.).Y........+Y."...m...52>...p.x..{..n.,...bE.b...<.h.e.>igs.7&...a...O.l.b#.=dn..].$..nw\._t.....+..}vr..zt....'sD.%......>`......T.:..$..2d......f.&.v....h.P*).o~....v..j..6$_wc....DW.LK..'..&Pb...q.T}..BL/.....XoVt..)."..y.
                                        C:\Program Files (x86)\AutoIt3\Examples\inputbox.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2226
                                        Entropy (8bit):7.905348277732535
                                        Encrypted:false
                                        SSDEEP:48:3Srw0mGc6I63ySCKNeSHXdnebiLhwY7yBUHtRsElvHKYRlaEGT:3ewpwV3yHIePbAhTyB+sWqoa
                                        MD5:48633AEE47D072C2F7C2BD437A526A64
                                        SHA1:806E099C8CAFEA7BA6992E07EE8DA3992C2FE0EB
                                        SHA-256:1AA458A6D1ED281E0B97F1A4F2B385AD5E6CA8D02A56CE1C9CEF608D76343507
                                        SHA-512:E04DF1DF6DFE81C9E20236763A9D6917C3B3E5918BFADFDFDB87145F388DC3538B43EF5C7CF9C767DCBB764B14878625E733C4FE5FFF46748E216431A0F7BD66
                                        Malicious:false
                                        Preview: .jI......3.V$N...x..fo..e0....o._..T.0..z.N.g...C.._b...&.(..$.6.T.z..Zz.b.b....0g\.II..6p.@........ ...B.R:..+<A...O.....S.8.OF!;...5=....jt..../.;.....u....E.j..6.eR$Mm&....L?...c.V..../.....T.!T.Sfk..Y....{<....g.........y.@.O.XYp.f.......M.^8 7=T.e]..G....RE}.S...,t..w;.$`;.!...5U.IU.{.T.0"..).F6...l......Z..7HiFlJ...{.....Vl.QI..}...+..8..u.SGm|V....v|..|w..nH.v.6....^..G...L..8:.@...#:.....:.w+....|...Z.85.e.M.%..J...zN.....'U.M#.7X.1M.r.. .z..d....I..6.....fzF............Q.............$...........B..G..Eb.,....HvNL.W.rO..D6...o>..*....].."...2..s`...%...$.H..Zh5../6.....V@.........Ym.?N.@WAE..3..K.,<;GK..Q.t.mQ.\W.u...F.\6...a^.pb...Y.%5.........+[f....~Na..O..|.8.Y&p...~...E>.9.4....g.........jK.'..ZX&...B\....0.#...b(.$.T..../..?.VM....|0.a..8.....&.....K2&r<....#VnH.q..{..<i...de.....G.a..!{O..y..1q......7-.w...;C."..N.R....TGy.D*......R.\]....]..yXF...}.8..I.J..*$.}..U>.I\....$..l...\|b...5.CK..i..%4..b+.Q.$..^.R...7...L.X./..
                                        C:\Program Files (x86)\AutoIt3\Examples\msgbox.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):993
                                        Entropy (8bit):7.775400691665923
                                        Encrypted:false
                                        SSDEEP:24:7h2x4q47c4OXDRvxSlCscrDt5fv2vOccRWE5pqDCCL:YR4o46JxuJeDt5fv2sRn5pcCM
                                        MD5:E497D2A41701F29E009734BDD0E5D70E
                                        SHA1:1098B1A4D1144FFD3C1BA1FB0854125E68C0626A
                                        SHA-256:D6E13AA5CC746B250EA547C1187CCBFF5DD8B0A2CC21C9D73642C3780E0BC012
                                        SHA-512:D85EAB387D888AB038221575A9965D3686208EFAA23592FF82992886E51B9908BF240248CC37B075C04FEA164139D5D507A28B92903B14671630213C08EB1E75
                                        Malicious:false
                                        Preview: q_...[..4.Q..b...Z.....1f.l.Mu\3.....:....n..?u~...._..x.K....N.y7]....S|`......cb...K..V..|.p...O.....w..LS....g2.)...Q)........z...7l..8%|r.q.....@.}.....F...8.,.....A.K..s.xe.rT.....+V.v.^.b9.i.:Ae..]O.6`.E0.q*3Q.~?......|.Q.%V...,.>........-.8..45..%_h..l.M..z..1;..Bb.&.....$..jq..e.7.qr.-......vk...m.y/..J.M...=...QR...lI.G..s...8B)A..vm;...r.D..L.e.....d.K.FF..M...%..{..k+g.V..4.E.S}......{zR..S.C.D.....1.....f.bup....cs.x[x.(......Y..'......'..)v\.8C....Hwm...:..Y.......j{..P............$.........B...(.>C..+;S...7+...lJU....G........t..j....'*.q.z.._W..X..XG.Z.[B.Z3Z.(.!.z...&N:...:...A._.....j.f..U!9B&....7.@-.||.....ys.C.....q.R.#....D.a.;X.V.....M.....v.Lt>.!../.WK./C.a<.|..".j..v...jiFf_S.H........A.........?.b.7.k....s.....>.,.c..TO...h%.v.Dw...w..^/.4.a....p.0.U..Q.j.?:...?.t...@j...8..<...ETX.h..yAPhh"a.....I....u.-F.O4.3.....rnh...../..u....C..{.l.M.;R....D|Mr.$y......tJY...F.bK........>.B.N.`.....q..3...#..?...Y(.....VW
                                        C:\Program Files (x86)\AutoIt3\Examples\notepad1.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2235
                                        Entropy (8bit):7.896104499085011
                                        Encrypted:false
                                        SSDEEP:48:lrGd92WLF7d0Slob4m1lZifDpelVWUqLZy12MN0SXwXk1qrjcRpTH:JGDh7d0BaDpOey1JiXk1q/c7
                                        MD5:40027D3444198A0C85D5D15760BDD906
                                        SHA1:65B80A06DACDF79E2A16EEB3B7933AB60EE7049D
                                        SHA-256:F006747875E82C5B3190CBAC6B7DC1596616C0AF40472CA1308762A513FD0E13
                                        SHA-512:4D8BBDA636FF8DCFF674DAA3A981C0243763C1208FCDD0466385A1A97EE95CA993C2743E509ABB846FA283D13130AEE926C0BF6829D6ABF36EA57BDD078D78CC
                                        Malicious:false
                                        Preview: -"e.....^.'6.r...rq#!.wt............Rw...m.AE.1....Q.=B...I.........}w\....A.....M,.(...nK|. .:..Eg...3b..A......-l.nt^}chfY.U>j.^..-...ws.=......P.9..".6...z.S....-.if.j..e..Z.....h.0."m..z.......e..j.~.Z..Q...\L..@..{0#n....Ec.6...i...G+.0y|.....#.w......'Ps...4x.Z.sw..H^0.)P.& .9.Q=]...`KU..o.{..p.G.}." ..F.G.d..S...tDqh.....sKr.........U.umN....8...Y.CX.M.n.!.<.p.k.>/'........zT.....jb.yalK......}.J..(.../....Rz.E{..Z..%...g..}&z...9..q.V../..<h.._V...&. *.]..X..@..-....Y.7.f..L...'............$........./l@..7QK&.I<......0>.Oui...w.|......?.)....U.[m..{.........B.c#...i[..`..U..c..c.{.....`x...oJS..e1k..jz.....}..x......(.M..i...l...!....K.X,-_?m.Y....7..;c...n.e..0.,V..........2....do.Z.v...:..*A *.....y.....w1.1.t.P?..]...t....0B_.q..E.c...J..G.?t...Z...T5?Vc.2.Q.|.D.K.b.+W......N.D....D@]t..N.=.-n.....'F0.K......_..&h]........y^..7.Y....".....z1......B.K.3x....x3n..0....kDK.l.g.u...q....).C.\.....3.....&.2)t.&...d.q..9..K.K.+L.m..9..~.?jH.
                                        C:\Program Files (x86)\AutoIt3\Examples\notepad2.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1949
                                        Entropy (8bit):7.906569918172242
                                        Encrypted:false
                                        SSDEEP:48:3ioq98702kJlYenXkyLz+auS8GcnLHDxbzAW18O4:3hq6702KlpX3+dtGI5+3
                                        MD5:DBDDAB50B01E152C71C731DB381D4099
                                        SHA1:367F58E02D20BEC9F760774572F999DEABC41BAA
                                        SHA-256:9F6A5F6E2EF304BD0259C29D7B58F43C4E036924FCBB80B768A291164D4E9C47
                                        SHA-512:BF95E1D6AEA934448DC1FFC5D3D43DEC4FF622C1E4471521AA418F40CDBD0B052B38E04F47A18C0A6C0E3D01B197A1A8EF3C16D22E865ADEB0D2032D5A060C46
                                        Malicious:false
                                        Preview: ......$0;....^......f..._...jqb.......w\....x`d2....-:..q..~..7..P.(..+..z>...........%...,fVIq..YG./.jn..1.K...i.....%$.o.+P....-m4.!.At...8..W.(...q.]..0C..O.6bz....yJo......(..a..x.#..A8hi..)n..Y..9.;.TrL...[.U.;....YCgpd.!9.{ 8h...P2.._....<.....!0V^Z.......4...+@.w.7...c...~i...B..Bb.t3......7.5.|{.aX.1N..R.S.G/u.=T.....BA_k.Vy.g7..E.3{sq.P..P.7Z.d=e.S=.....>...^...*....5..AIub.....LR...I.#...c{...s.V.L.a86../.G7..>.}.Y.......Kte.S..}..n+n.....?O..%+...@..$.It.#%+....>d..............$.........G.(aL.4..(E....E...6..jI.|/v..s.....<.<.y..9...&....|.v....|3...,a.%...D...8y.b...}._t.+.P.C.w..f=..=.&..dP..p).iI.;., .s....DSB..~..b. N<..g..&F....>`+.....hfF{@ja.m=..../y.....C....kf..~.7"..c-.Z..-..d.leDp9_....n*y.. C.C.J.I#..;..au...2.<..Rn...,.'..~..`.:..m!.".....v..Z......)..0...l..;j. [..Is.h....?8....Vsl..g...8: j9.!O....'..D|d.......`.Y=OE...I...=[.o...W.C.....x..f.1.C.*.E.......,i.@.}-i_.y.P.`...e.wq]..../......."......>.B}.([`n,K....
                                        C:\Program Files (x86)\AutoIt3\Examples\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\AutoIt3\Extras\_ReadMe_.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):711
                                        Entropy (8bit):7.684289506133981
                                        Encrypted:false
                                        SSDEEP:12:SNKo8ZFnKuljt64JX7tVr1yIAbSBTuG+3t1WC/3GHhOBWzznCRJZw:zo8vKuBUGXr1BAbCudWCvCuCKJZw
                                        MD5:51905C8574B975F4515A972EBFD48EEA
                                        SHA1:7FDA03E36239CF64BAB3C247824958DF550E09E5
                                        SHA-256:DB52EC8604589F1277937AE4F47F04C02BAC51200A30FD70B16BB94197A8D493
                                        SHA-512:C2B0491A6C98CB8C4965E4305820E28FE62F04157D27EE20B051E9C0F244BFFE4E07BE31C8C01B8FF6A8E6CD08792D6808B457FEE4BAFE391F400F045E4DCB0C
                                        Malicious:false
                                        Preview: .Ri..i.......W.:..J.5!n.q.8..zn...g_e..p2...e..]....../.R`....O. ..?@.V\n.(.[g.RK?.+..Plx...L...WTr...f...<8.....h`.m....S.GO:.`~..".. .?..f...A..5N...V...GI........8.....@.%k.......9Q..D..M...5..d.R..|.....m.pn.<.......-F.M.~$..m.........N.r...|...I.ve..s..+n.9..K,6.8.0.9..3.2.F...bB*.D....k.....$.HU..iv*..r..u..}.....N/..b?7#Cj..h$.I..Q..........Q..h.H..N+irn[:.f..^=..\zT3.bm....k...Uh@...QF...U.....o..PM...s.\.i|c.v'.+..e...%..9....<.B.pe`{C1.0..7...H{..)*e.....A..#w.5Fq<).&......h..P..............$.........<..s.....8.V_<MUN..Z~. ..'...Y>w...M.....g..-3.~;.Y..X...TS>.0...[P...o.U!.'Y\w9o.Cg.".>.d4.3sV.P..%6.R.w.u.Zc.....wf.N...?K.i..(.$..DL..MA..B.5.<:o..Ju...p?t~'&`.e..v(....
                                        C:\Program Files (x86)\AutoIt3\Extras\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\AutoIt3\Icons\MyAutoIt3_Blue.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):7940
                                        Entropy (8bit):7.977115842355445
                                        Encrypted:false
                                        SSDEEP:192:pRClQeQOayp7RIyofObx657KAb/4qgO6TyzyfNf:jeHam72/Gbx+7KC4+6WzE
                                        MD5:E46BB9674FE272683D4010606D709EE9
                                        SHA1:96C1A8299DFD451EE49D6E04D1B125DC46893C1C
                                        SHA-256:883AC80FD8A29AC2C5D8F98519FD20CC76C3B3F0FDAA0D94D725FCA8017F8EC1
                                        SHA-512:EC5E725EA5F79D02DAE44EC7408C191BED2589F05D9FD0101E7467A026720B77E686DB08F6C46A71EDB8E9C536EA7A1D91DF825FB740B2BE3BF4A98AFBA07685
                                        Malicious:false
                                        Preview: .}'..++..8.....Q.>T5y....F..e..{.....V...%.J>..........e<k5....Z.L..m.....7w...Q..e..S`xQ.L.8....#h....W.TW?..0.I.Y6)..7..?Pp\....<..J&'..e*....6XoF.:..4.......'....)8..{h.,.w{...Fi..s.s.^v.W........xD.9*7.P_...^?........2..=8.0....\..Y..|3....A.)..c.'v.....:`....(...PY.....X.Iq..sr..X.|..!s.g....Y..u..F.U.7.3#...)...v.p.N......Q.U..=..y[..8.,r.G..uFn..B.:.....6"..V"...._I.y.O...f..k.M....B.....m..}.JW1.Lbcx.\....R&.].a...a].....@.z.....A.9...v....z.,.*?Z@.-X.e.b.......l..r.~._6.U.............$..........+.^8.."+r;.b..0..".....1..j..{.>5../1.........../.........=..M.......,t.?...`....M.S9.....D.........t"..vK.r.6...k..I1...U1.v.3...H.......Nree..-....d."..`w....(>..Xq.p..((.im...>....DHJ.E&*@c.....R......n.;.........}y....k.....[.....P........-...N...3XJ.B.+...=:.H.\..A6....!?....J.%M9>"N...Ly..T.1..6.i...rM.u;...Wp..3m...Un.1.&.<....u+.).W.E....\..F.z...N...(....t{..G).cM.....9QF....4J..1.%..*..;..23.e^.|,..5\@sL[_3..r2>.9.......^.E^
                                        C:\Program Files (x86)\AutoIt3\Icons\MyAutoIt3_Green.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):7940
                                        Entropy (8bit):7.974922653769371
                                        Encrypted:false
                                        SSDEEP:192:VKoxn3m8G0plQd0dBO3qvGsMXGoWCXntvZ6NAn9EyB8BAdGof8GJE:Yg3SoQd0M9biUtvZ6yEjoDXJE
                                        MD5:05EDA91A6E9801511951D00FAF792791
                                        SHA1:C526404031C48F96F6771F9539558241FCA68F2D
                                        SHA-256:EB67C10B39AFFDD6372F21806DD18833979972DE85749613F5FF13D55177F8AE
                                        SHA-512:4C852D28967E36C82C70D2792AC8099A2672AF833B8BBDF87CD694E7A0E9C8093992F7EC32EE01C4D8C919BF4CDB3D66BB20488D1839A67401C295A800251960
                                        Malicious:false
                                        Preview: ..6..Anoe...-.A..]<...4.u.x@.6S....w.35v.e,....y.4=7.d.8..z(V..l.....e.4...Q...HS.Y7...]/.r,.2h.`...Tg..3bX...hB.B.I.n|2>.....6>9{.0/Cu....@..C....P?..0[_..L.....r..j]%\l...'...8s..k...d....X..=....N..?....t!C.h-....../..9..a?...<._..b?.....T_.v.LI..L.c..|/..(3r.....sJ.K..v.p...v....*$5|...#.FzHQ.i...@:.q.P..*......&y..HB..5R..\....?f"p...c...x...vi...Y{4.).8....\2.n...z....+h.#..%...,x/..........7C =.l.<.Ou....H_....i...)....:.)qr(<....t.~sQE........O6)iVc.Kd...a.2.R{....Z...xq.A...-............$.........BS..0...x>}.T_..6v...."Q...eo.....$n.........P...8Hs....../..).Qx...#.....$.....tss.'.D>xO&...Z....*....Ya^o....K...X.Y.>..tITE.0......^...x.e.....B.$..\;.q.z.DAd..H..-....U@17.*M.e.y...>.Q.3..N...+4*=WP.{..\dW.Lx..-.V.q...d.<h..@..$.....U.wE.J......e2.O..Z./{3xJ.E'c Bvj.n....5..)x.]t..|,..*|.{u..>.hoO=..OU.[..Y..4.B....B...%+..3..H....b.._..$R..N.^j3...r.D..-.MU...#.uo.dL..G..DCpi....`G..64n.U..o..j.|.i....G....@....~.....PX...b..
                                        C:\Program Files (x86)\AutoIt3\Icons\MyAutoIt3_Red.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):7940
                                        Entropy (8bit):7.979107194546891
                                        Encrypted:false
                                        SSDEEP:192:g+7YdViCmdO85GoOkG2wQjLKnsuNaZDEpm2bxOx:g+7rltbq2bPXlaOx
                                        MD5:5F03D736F397AD560F90A246C3647217
                                        SHA1:5F4C297B01CD8D45E6ADE1DD52CD5F9C0D9938B1
                                        SHA-256:6FA37B18FE5EAF16B20B98167A54C729DA00ACB76BCEE149091A2188D17E4F55
                                        SHA-512:712F43D8F27F88F7ABD8C8BABC42CA8757F1E65AA3B0F2849E28479F50656B90359ABB72E3F28CC53CD10AD0A86AC0EFD91CD3917BA6DE889685593C957231AF
                                        Malicious:false
                                        Preview: ...M8M.......P.....=V.v?W.^.&s,#d..~.s.......sU.@..6.F..5%.S......7....~!.d#..t4..[.W@&...'..y...=...............j.%..;.W`/..3...N..N....}Q..........7...-..[.'X......H.../.+.G.W..RE.`.b.G.6....}....~..>[.|..k.....X....<....$......v{-4....".=.K....!u..k..V....Q.|B..6.|6.}.1K...../.,.9....h.]..^.L.v*...h8.R......V..D].O...wo..N.a.i.)J..E...Q....v./....&..@.|M;.L.....FN9x...".O.0.X..x.........).>Kx./...D..T5..G.12$.'p^.f...*...!.@.Fg.kN... 2G.W.....{..W..>2"..%q|...qDa[.....&............$............I.h..(.r.f....qp]tb#..<.it......p.[9.p..k.d..M.H.-;v...D......E.o.rA...~...z.f..[4....}@.....r.,_T....V0.2.WH.z....D@...5..l.......r..$.L.X.bh.M|.:.9_B...q.W.......8,.T.Y......o....o)83....r~.....y....k.1;.%l...U._..E...O.$.....q...U...#.v#..+o=....|.c.7+./.-t>....}B0.....i..&i.....U73B.!......D..p...q..{.L.G..{.@.a..;{.m;.....pd....{......eg.P).7;.\..YR|$.....D..b...Q...h...........d..^......ic..p...n...J<2Z.<1.t.9......2.=nf3@.d.......
                                        C:\Program Files (x86)\AutoIt3\Icons\MyAutoIt3_Yellow.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):7940
                                        Entropy (8bit):7.978510225012796
                                        Encrypted:false
                                        SSDEEP:192:UmekpG4jAlee+qW1AxQ1KgaE1TJe9qqKhUGv6z9F1OJlsh:UEveYX1jReBtF1OJ+h
                                        MD5:0E10F1905257C258F13473C3A993F149
                                        SHA1:5AD0A18F39749E291DFAA8FB8CD5BCF77DDAB54C
                                        SHA-256:A15695B0D2A2D40771A546A7ABC84201DDA24AEB3E750E633DAEA947656BCF70
                                        SHA-512:40180EB978B35B7871BA4D5D4D460018932B6355B293AA968FD7DCED2463E5DE3145A417CB6BC61AC83448262299CD1FBFE8AA2F4CFAD83D5140C70692CA2B98
                                        Malicious:false
                                        Preview: ....[...yx.kKP.....W..W7G.....h.?...e..A.?..D.^..*>..9Z...{..../..=..W.D.+T9..X..H..C.2C....d=.....2...am.A...xG..*....?.f a..N_.$Lf!.{.k.A+)......../.N.l.]LeS.w..1I..fi=^..\.....O..!~XDh..$.k..(...w.T...-j..[..X..?a.f)...V.=.o+tP.(..%.fp.:\..F..x.....z..M$......T.ZTo...8..8.......DK/....c.......^.8O..Z.y.....b........../w*..Rz.J......................If.@yVn.^..]._'...?|.%./...b.H.g...A.".....9AF..(..j.<.....YU...4 2..`...=.....).....G...fk...-f..y...n\.7..+W...s...i4.`..P.8...0.............$...........G.:F<ie....]..C.T..Q_$.?.....#c..L+.[9.T....m...$..f..:...'..I#..&..?$.....!n.k..'.l.=...~.0.H....9.o.T.S3.*V......B.W...$.EJ.U...X.M7.............Y.C.P.c....4.*{..7.j.n.!.AUP.U..W..4..............!.z........n-.....M..O..}..TW..\..[.j...Jd..jV.H.kY".qH....(......7}..".<.mEc.Y<.|.j..\...r.H.m..k.....\K.K.B. k.......w..D.;.........M...f6.....-.R.0..[.m.+..Y...~.F__.s.>b-.....&.......Pd.#..t..i./.\.`.8..c.P....<+.rX.d...Q.q..8..
                                        C:\Program Files (x86)\AutoIt3\Icons\au3.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):32060
                                        Entropy (8bit):7.993489992224788
                                        Encrypted:true
                                        SSDEEP:768:BqomAxMHpyL2wyQLC3aBp+nzcvSqPWq3EFhVi5:Bq5tp5w7pozcKqPWEAw
                                        MD5:5AC8EF27FE69EB026AE56734C356B9D5
                                        SHA1:973F95EEDC456C44AA2EDC6D9FEDE8B4335995F9
                                        SHA-256:A60812B7FF604628D73B279995B9E1826EA3CF529D8FB38F790DAE45BED99CE1
                                        SHA-512:3455EA1F62EF0429A4143E2B36EAA98F2D38FFAE6CACB8D68CD51A95A2967373624C41CDF93CD6A1E3AC57B6E26835983185667D863FEAEC874DC065B3C20978
                                        Malicious:true
                                        Preview: x'g...`{.m.H.8.{KB..D....._H..[..ue....2j,r..9Mg6...{]..p.6.3.4a.dg....R../.Frj.![.JwUI.......b:d.6...Z..V...(...lC....}k)97......&5H..f}..o.t..{g$Jj.....*g.|.....@..*..F....{....."|....h.W>+.....2.Rm...."......j.y...hx.......?.k...O!....7........NX.....l.!..k\p.......j...t.+Z.....)..R.3.QL....R..[..t~.oV.@.p...-.)..R....s*..3..%...$.'h....Q.br......q..2`.`b..".Y=;.6.L>...6.....b....H-..]XT`.. ...+.F.T..tN.&8.a-U(....CQ..|...Y.c......w+....ha.....X.O)...P#.E...p..H...M.%K....h3!,rS.............$.&{.......U<.:.`..5%U.Ah9b..26...n....a*....B..1(&!b.R../.y#...J....g..x.....b2.+f).b.o..j....8.,.........`..Hp..b..)../.....!_P>..r..R`../Zi..Y........w...{.'..r..]}&n_L8......x......a.V`....(....b.3.....Y..6...6....@.X.)......}.r[..........0x.....{..w.....`^...........e_.~.e..x.,\.Y......?..Y.D....CJ.#.J4u.A...|.".J.l.m\.s.....q.$..>`......:y6..P.D...YC.gOYe.5.<0m.e.J...Ug.>...x..O.....D...h..t<.{..O.....0...2g|.g\^`)....Q..~?..jr...`..gTHF.m. ...`.E..
                                        C:\Program Files (x86)\AutoIt3\Icons\au3script_v10.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):72080
                                        Entropy (8bit):7.997583185590655
                                        Encrypted:true
                                        SSDEEP:1536:viva4UXpQiUQkv+XoZz73Uul14QRtrJAnYwcvrnrIVam:6ilN8+XoZsullzrJAYwcGL
                                        MD5:D86C413071209F0810A9E0B2E69E9484
                                        SHA1:37325D17C0B90236108883B399809A78C921649D
                                        SHA-256:66E2A678F65CE16ADE0F624EA3B6D8DE7721181904A31886EA405936EB911D0F
                                        SHA-512:0AC7BE635E9124B55A407A8329C71FD9C0C208D738EFFD7C7E2B5D4B89387074D8436B247DCC83476D2BCB183A17CC0DC37575AA8D3F887FAE54C0236199032F
                                        Malicious:true
                                        Preview: ..,g(...J. ..K..".....At.......H{.=z..d7..7.E\xyD{b....>.O.YB..........E...:D.El+.....;.x._*.L..\..>Qy.A..z...T.G.5.].n...0....l..E.0.....+......N~.*.9.LILN.D..5y..d..\t..y...c....)!."..`G....|. v.ED.J...Y....QQ.....vK.....?......_..h..A...A..H....7r.yi...........\.v.sEk.:h.vK.o...w.."Q..}.)<..J7.y....`B.aV.........A.r....#...7......x...t.fbQ....PV..Ns..J9L..X.dG.$.r.u..}...X.j?....!&...+.e<..*..y-.4....y.......<.. B.....0c@...M.'..v..|....W..i.l!..F.....5.....6.....w....G.$k.#. X..R..............$.z.......6.:...J'.eJ..?.E..V2.5......K.....U.m.e...b+..V.....y02.....l2T..._..)..o.,"\.g.;....y......yl-.HA.....e..}<.\.Kg..{;..:.Q. .7..ve^{.=...a.ae........3"...?....f.p........%o.h...<..b..,.5._..h..M...}liD..E..".SI..P........6..N..'.Y..."+j...;..h...o....V......@.}.<.$wO$"}..IM<.....70{..^.....U.'NO..3'.....=.j.V.....Ke...,..............4q}~.,.....j%...w..../V..&......2h...j....i......0.........M.bXY.<.....D.W..-...[P.....=..dx.Q.)..v.#
                                        C:\Program Files (x86)\AutoIt3\Icons\au3script_v11.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):41821
                                        Entropy (8bit):7.9956018184838795
                                        Encrypted:true
                                        SSDEEP:768:im6mm9vG/odvo2+TfPingCluf6VeV59bFaH1B4/EE1UrshcDdxWYqoJhupIKrUYs:Lpm9vG/ouangIXWmf4/xPhCWYmpIwUVt
                                        MD5:29185F196F31EB403B24EB0F2969D1E3
                                        SHA1:8C3AF36450DE6341C6ACD1CDC4518B6119F7FE58
                                        SHA-256:51A7BA28249FEE14DCAE93C4224F1BC762981C3FF61E3EFAFCE7AC25BE457176
                                        SHA-512:22F120708208673AFFDA23E0D0252826B9949F11937737B8BF606C1A2189980C1685D3CA860DC0521F0C742D4CBFC6141A14F3D5A4AB0A060D1AA4E2FA8EDB52
                                        Malicious:true
                                        Preview: .y.72.......&./:._.O*.....7.W...7..T..M.l.Iq.....t.b......[........&c.o....TE.U1W..$_....t....E...M9...i..f.1.".3lR...Ck......g.....D..9..ilg{...|.\&:R.............Z1....r.`.[n...L..;..W.(h....f<..n.-.b{..x%.5...IN..bm=E.$.!.f...0^..P.2Y.0Z.. ........G..h...P.j.|....=...&.<.G......d.lri)..H.....{.0..K..L~X..m#s......O....j....n_\\.....:.."fZR0../..Q.X.{.`........n..w.".....G...7Zw...)U.......B...'?.. ...}.^...a..t...'.../Wn.%...n..'.G.n..^K....B=.../;s$n...8.....*p.gu..............$.G.......e.OM.o.y.J..R..n{]...jiS.(R...K..S|....9..|.y.G.j{G.[3z#.T >..^.U.w\.X.O...r4...N`h.'S.:.hp...S.b....`X.G...j..Tnu.......,+.....7oa7e.K....'..W.\..!......QT..pe.......Ei..C..6.d.Dk..:.....Dg1.).(|9.}..........O.>.....XL..r..D.Y..I...?c>....]..d....h.C]]..iv...l....}C........R.#r...>.4q........R9.._.).a.R..3..C.#h.C.A.......$.DW.<....$va..2.P.0......H..g.....x.#..O.1tUMO.S....F7.^3..|..fD@./Y...E.U......r'..~.R...!......V[...^.Bb...
                                        C:\Program Files (x86)\AutoIt3\Icons\au3script_v9.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):25748
                                        Entropy (8bit):7.992446635116934
                                        Encrypted:true
                                        SSDEEP:768:eZ8qgGP+V1CT2qU/Y0ztathr+CmrVjOn2:uRP+7mXYY0ztatJ+COVx
                                        MD5:093C8CA5674FCFB5DA3FF76E441959FE
                                        SHA1:A61E6CBDE62068C39C7E7A28F154C6BC803FCFD2
                                        SHA-256:53C680093C7015ED8E70FD7E9C652089EDD8EFB95EBFDB8D5AD1F7CB4B5BBEA8
                                        SHA-512:4D3049714F68B12D7846C25CB0D18C8E6F95526DBAA97EAB4A30E9D2FD2C24A61FFE259A8C9B410F1191A5A73C786C5E59A3FD5FF926B1FF255C9E049DCD916C
                                        Malicious:true
                                        Preview: S.wv.R..3...2+...QJe..v.g.Q...q..D.u..3H.$F.........O7e..... ...{..y$8M..d.a.......(..f..Q?4.I......`...?U.^.YT).UC.....F..a.j.1>..{...W...Tl....3..}W../..&[q...":H./.Hd8..=~.A...L.q].s.....%8..%.4..7....F. #...".Icf..*c...&..H.........vI*.....>..(..V.y.i[...4.g...T.kD...EK.R.0....^Q....q..ow...7.9...9j...r..$.Ti.N..o_.v.?1.P&....a|.(K/\.8........).B..]....R00.:.......... e.t..w9....#].......R\.%....N....._.)]..#..L9..vW2.a....<?......1...!...a....J..iBr.8....`...$N.~.d..c.5...%"m............$.~b.........).G..........X.u.....:-..fe.A*.*..cfqn7......T.T.#..=..i".q....!.1...j...,T.I%.ao;,..&.*..Mv..?1?....7D.X.......P.)=...^.|..\..u../..9xK...n.. . G.k.....$....u..~*.Gb..i.....6....r..9.NKEZ..S..a.u.._)....pu.I...t|b.........\<..h_..'5.d...g1.....~....e......Y.CC..=.I<..l.(....o.A.>.'.|g...De.*9..B... ..X.X...F.)......Z."cqH..,w.3.3D...o...$1."4a?.LR....!\...y`.x....m.#..K....}Qf....s6...r.~....#C.7.[......q.%.A.*.u.U.....N.....^
                                        C:\Program Files (x86)\AutoIt3\Icons\filetype-blank.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):34118
                                        Entropy (8bit):7.9937417460816445
                                        Encrypted:true
                                        SSDEEP:384:IArAq8GtKaL+XAMTLOEsPGOnWZSNZnLh1SvGryfXfsGBPPihR+a7QvHN9uegz2y2:9AraeTLIuOWi9w1EQShRxQvHmxumkD
                                        MD5:41D90560294533C980E9E2F3E0460BC9
                                        SHA1:068604194CAE6DA559F116C4448739ED286904E9
                                        SHA-256:7E2767C469E494910546F1BB8F78B18C7CE5F85E61E193FFE7DF470769F704F4
                                        SHA-512:BC235CEECEDE9E8ADEC3398378914F849FD9A3F760921112B9A29928504EDA75A038D0C0B33B8ACA8C8EDFCBA7CCD3E76779DE1971B1021595422B3911C37B7D
                                        Malicious:true
                                        Preview: .T.../.L........L../x$..a.....m..]...H.D....[....&..A.K..4...l...p.Qdx..K.!..W7.0.S....*.qI1.1s.a.e5.j..K.tg.$......%T......5z.{g...v...0i_.-..b..&!=../n.....Z.(;.R;1..D...X.5.Ao..L=!.a.....SF.pk.>....'+..^.Cp..5.1,....4......4....x.*|.N...1.ETM..+...@.Q.$.EJ<{..&.F.'_..c%z...fw....H.s.....v.O..).D..>.......~+B...@G\@..g^...E.#m./..x...?..S.$......'B..Z.7..=7..>.Sht.Q].FH[.4..<.f.......VU.@~6..s...@.Xi$.W..c.B&.L.H..M.....:....q...Ta...}i(j'U.15O4"...2........MM.C^G.IK..0u....7.............$.0........Q..=.#..5E.L|(......w@Q.}._.(DM.L......d..g...s.`.......95. L...1{.?LH.....r.*;....,..c_.~]Em......zJ...%?*....|.>.....Z..H....e.ee.d$s.AD...+;..?...8......G|)bk..Lh...,#z..^.\..t.........'..7.VP:........^..e...(f.|5fk.@.N....N*Q...l......<.8....f..o"F.8M.r......z44\S.eMT.'.$w..N...3W...:.:..;..QV..5.{z .zP.=..h.r1.1\......S.H8.Q.N0...mg...q....x..J.N7.+..E...wD.....g...=..&x.U........vx.iOp...............Q.a.U.8_..K....N.!...9\..0^@.
                                        C:\Program Files (x86)\AutoIt3\Icons\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\AutoIt3\Include\APIComConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1505
                                        Entropy (8bit):7.837932894933141
                                        Encrypted:false
                                        SSDEEP:24:RwpHbPhNjZEtPJ5PWNXWhf5/cBwd4MX+U6djiuT+R0JF3ab4kypt9TSX5:RkzZEVfSK+BwdlX+UAFJF3abspt9Tu
                                        MD5:BC98198DC17BCBCF79B68F596A0F46B4
                                        SHA1:50C7E1E397920C743C8A57014D2B765D7EB6E59F
                                        SHA-256:DD5A9C6B7688EF2BD3119F56C44F85078DDA7FBBB5EB164DEC0B979A8395621B
                                        SHA-512:775C70872B93944D492F30EEAB9351761C77D0C005FD42533C4A689B41428EF5500BFDFAFC25814D9DF3A046323859A14AF468AC9B969D6CF3F14F115665128E
                                        Malicious:false
                                        Preview: a......z....L..m~..l.pM.....P..!F.....L...?....r.`..a.u$2.J.s. CF.....T!...H.ni.m.A...l.....x.j-V.Z...]n...}Aa.....8b5f ...k..$.!/...[J..v@.....N.P.[..e.B.....-.v...uW..s.........u..G.......Y...cg..)....A>y....kyi..c...,..t}X...~..r..@..R...i......Un....6.....M6h.;....<.W*...F ...Va......U./..S.Y..x;.P..!i.3..J..K....;_.FT.;.CIm..T.....[......NG6........5-...9.}m. ......l$8Z....1...l.bK.T....;..Cg.......S.S..3.{.W......B...{W.....P..a..!jk... M?a.~...-.F...q./8......j.5.......A5c...tn.............$..........4.c...........R.....Jk.G..[..P.zA..l... 8.R"7...._.J8t'.}...p{....L|.h..i....h2.._.......AQrI.J.......6gz..S.@....B....l3......^a2...z4{.).I.h...f......,..v.v.m..;..ls;qb....%>.r....`.PV..Zl.j.=.x;M .;..C'.......H.K1S.~..l;..._...C....4...'g....*....I...Q\K.B..h..Q.Q1..X..Z.Z..CY&...C....K.{.,...j.2,..R...>..o....JlI0....y./..P.K..P....Z..... W.c....a...E...l......9.3 .%.."..{.Qj......L....w.......`M..3p..|..8.X.)...`GI....
                                        C:\Program Files (x86)\AutoIt3\Include\APIConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2282
                                        Entropy (8bit):7.90427354776573
                                        Encrypted:false
                                        SSDEEP:48:16KTYD/y5pFV4zL6crHHTLwohBKMmeEIiWb1Ubi/KDqGSQ51H:AK8/ytVuL6CnQcAMmrW2bi/K2i5N
                                        MD5:5973608FBB71CEBF97B0AF57A1377A09
                                        SHA1:2EAC5AA0018B387AF09F4FDBB545398C3C47E0E6
                                        SHA-256:807CDF3C835EC67A4204718EA68E94BE67FEBF276CA51B1B815B2C5A24AC21C5
                                        SHA-512:7CFD2C6F690E17A0489C38F8EB0C88755FB5EAFA3D795627EE79AB9E31E3F24DC5620BA4384D05E075C070B6D2FF0EC4355F27CFEF7C94B7EF2AE7AB9D1907DE
                                        Malicious:false
                                        Preview: R.S..z.. G5.>..+..Z.*.t|X..'...&}..>./..r.^}...L$...P.M...ar.......L.M1...d..UW..d.T.*7:...A.c...N.n..3..t.j......h.2yw`..KqP..k.p..h...)....N?.Si%.+.1>.....:..l<..G..d.........x.:u..\aQL...g.T.1.j..vs}!.q......`D.....V.`.a}.*.ph~.g....x"i.....1.I.f...:...M.......1~.....L.....Y.......j .........1..p|U.t02.T2.....2e.9.deu........WN..d..@...)1..Q....D$=.......F..;I.o.(bb.u....#._........G.A.....t.....`...gY...p....y...-........../.f{.@..I.ac.u6c.{..../=....U.G.J.OD.....\.DC.C..c\............$...........5..35k.F8I...7..../..A.,..[..K.....y.G.F%NH..O..H.\G.A.o.>..Y.D....'......Z.3%lY3K..3.?k.-TxP...%.....;V,.-V..#..r..."F...|.....cU..}Y.".W.......n..^.....J......5V.6.f...>.;.64._/..c...}._...z+..vY.x.u6...b.......{.Y..l.;....]..B$...v.^...5..@9il<.f..xqd.....pLg....\..V.#.U>.f.GY:f"...XV.n.Bs\.|,..V.(I8........If/K.lHg.7.c_.N.[,.h.=(............3...cb.]...v..G...aX>f...E[h.pJ.#.5._.v...../....G....7`...%.s*.g/..p......K\.....v..7.......+..
                                        C:\Program Files (x86)\AutoIt3\Include\APIDiagConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3440
                                        Entropy (8bit):7.941764825491128
                                        Encrypted:false
                                        SSDEEP:48:pDd63icLem0crb/UM+UHhFc5hRaqr1k7mVRNbbnat1tGgo52O0/OzKRPHLmz:p56SGyc/mX5hRaqr1NNY7VOKRv+
                                        MD5:493D7ADC6868E3FC8C8C1060FCC42282
                                        SHA1:7ABE5C1F30C6573BDD5502B649F760BC3EAEEA7D
                                        SHA-256:7EE1A2155752B43280412C7D92A8D7D4D3DD05F950B2F707F347A181397C4A85
                                        SHA-512:910EE793C09DDD482DFD747F8B8B6A234B6D10209D05C16EA7395909B01A99081583F374C4FD1AA106FF580A340C2073B0FB87747E4D91A520EB243E10A6E4CE
                                        Malicious:false
                                        Preview: .Z&...+.^9h....dH r.... ...........1..V.Q$.`........:..(j=/...e.].x..00..6.M...(..Z.wO...\......TR/....#....t.........-..'.-K..Na|.....w...?2...k...8]Xw.y..^.....(y[.._.1.aez..~.*f}.[..y...c..V=.d..-.g...q.C--.=..t.`pv........v...Z......\~%6....dy)..,........s.y...-.....a....!`.B..R.W+.v}.....r.t]fj....[.d....g.\.....{`.ku)n.x.--3..;.....E.Z@.YN..=..b.;a1.0....5G..j.......z[^5...J.^g...c.N...].S3m..dm}6......c.#...ec!......=O3}...Xk......!_..M..7.q6c0j.lCHm.E.}F}.3....b.i...r1o.5k.. r...g.............$.Z........-.A.OR..of.W...@9..,.....Y.h4..y.E1..:X..5^e~..#..@..9..C.s...>..n2_..b(......d...x..Y....A<....x.Km....G.........m.U}..C..y.1)F.....3.(.L..K..o....U.f>n<-..+...9....... ./x..-._...fc`8.=...s...l.......v..<..Pn.H.SK...(.....s.v..v...(..e..C....4K..K..@j.WlI7.........u...d.!.?....a...B......u..o.0|q;,..@..".2.BD+.`..k..CQx..KU5.-Y.?(ID....M_....N......K...=/_&.......`2m$_r.f...X..S.......}.i...S.I..e>..z.3<....0...zk=.....!...#..VRuIW~M..RG~
                                        C:\Program Files (x86)\AutoIt3\Include\APIDlgConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):11289
                                        Entropy (8bit):7.983495547661977
                                        Encrypted:false
                                        SSDEEP:192:4XGEz0l1AaACJibcL52K52CodAND+8XxCX5x+K7D7Du/fwIXddLf3oQ+7M:qToT15JiM51lo468oX5x37DoTXD3oPM
                                        MD5:37AA39DB783F92EDF4597FEDB8E5D70D
                                        SHA1:C255C66353DAE580695F9000E6437710F956D602
                                        SHA-256:10EBE7F345CC3A8D4F253C17D3B4D5D33424694DD0B91086D57CF6089EFBB0B3
                                        SHA-512:9199C39B46700F6E2A0026CFBC724DD6F8D334B6CDCC9128B40C9DD2AD6CC0671FB3EC09F3808651A0F4F5D6BBE1F6C26203C09EA4D94F0C791E62CB46215600
                                        Malicious:false
                                        Preview: ..E.#c..O.D;.....h.....f.8....+&...{.jDD.W..Q.KC.......O.C`.g....|n...F.}\.cx.`S.{5..JY....m.b*I.h.8y.6.4_My->+.w.Sqx..k+...'..pC8....]9.EvmI..w0.>.3...7.k.v....`=..N..-.r...9[...y.,.E.....u.........Uo...$lDc....hM...>...W...`MK.4.O.i...+..w..)%.n..$..~d.<......lj...|......E......9....S.9.r...;.......E.v!x.}a..-.l.v....D.........d...\x.....c. .<...s.p.I.m...6..oRr.2..D..K...s|.].QP....a.<..Q.'.. .....=}@2..C.O~l..X..^N.(...sh......zS...t .V..$..........v.S.....<G....?.h.kz...=...X...iJ.Zy.D.0............$..*........b...7$85.-....v.-....M4.b.\..T8....~S. .Q=..]=U..ym6.....MY..$.>..F.D.........q.....F.^e..,.f........!yzZ.^].'..~.qW4g...L...f:.PN"XKa...g{wHH:..R*..^}.....#..}.CX..._...."..&..Y....O8'.N....5..-.....:;...I!.0XD.M....=*w...6..Z.......1.1.Le......O!...!..-..J.ec....h..h...].u.]..x.4z.n._."..N...l......`.E.n...,.Mk..W.5a..%M.{.!..Ci@#0.ZDX>..`}.....4 u....W:K....HX...... Mk......`....A..W....b..G0............{..I|i...~}qo(..<sa../..*...).u.
                                        C:\Program Files (x86)\AutoIt3\Include\APIErrorsConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):309995
                                        Entropy (8bit):7.999415662647218
                                        Encrypted:true
                                        SSDEEP:6144:yHxa9UefGwd+x9LiJ/c+suGthiYqMoMTP0ZFu+cN7ls:ya6e4kk+suGthivMYnINK
                                        MD5:6BC84D3D00D29E3A497DC01650093FB0
                                        SHA1:926C43C5A2E29D2CA94E20D03AFF7D5F06FD19F8
                                        SHA-256:0BB89FCBADC9E13CA6040A0069E107C8CD39123ADF7FE8717EDE298D0BFF2A9E
                                        SHA-512:961333DF3136827ADCA3B5BEAD8FC73002EC71FD689F7AD7A106B89609539BDB74C091E31B30A0F02EBCD65AFB178E0548592B1FDF6A944B07C0127678C31983
                                        Malicious:true
                                        Preview: q.....&..~...S..A<.>..h..O]H..4.........',.M8..n.....r`.Cj.<......~R...A)....B..v.`..bPFn_n.!:.Ug....._...K..X.I...._...z.V.<.8.O.>.f.kG.M).lOc.BTX..1..L#.O.S.7-`fJ..0e...8.T..y..=...w..d..h..w.......Gq.%+@../..g.Z.jg.W}v..<..oZv.....|~.'..O.Jq?.O`.K'.Y..X..cqZ48...;._..{..D.9.!..U.H_'?. .)..1....&.U}.\w.v..9.%"..?...t....%.oz...{8.c.eH.....K...R.x....n#..a..g*\}..D..r:...>=...N.w-F.&v ..0r.,T.Zu..B..N.L...EnN...~../..P..4a/..1..z.:..,y..1.2i.v.'....&8S;.R...k5D5U....l..A.z...`=.$.............$........*.....].@...E.o.F#...nK...v3.Uo.dK.^0".V....sX.....=..r^.....X|U2.9.M...<....9..9Y....@.^.......t..sz%....u....k.I.=..9.<v.H....M.!5.AX1jHmr@T.h{.S.Z.....X....T.[J3..e....!IBT.|./..Jn..n.....{.=.;A$*w..%a7..&.&.......(..}f.[.D.y..H.,..(..*..3@..Ru.2)/:..{..C.....2....y.[..i.E....|........6...wC..e...(/H.W....R?.81..z.J.<.j-zk.]n..X.9./A7.7&.D.;......6.UyR..H.....%wQ........N].ub.&..8.A.|..\h... .G.......d].H7..$...P.?..[*J3...H..s./j./.c.(..2.9.ZCv
                                        C:\Program Files (x86)\AutoIt3\Include\APIFilesConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):27967
                                        Entropy (8bit):7.994202700528026
                                        Encrypted:true
                                        SSDEEP:384:XzDd8PpIwe4m2fGQTtk1IPliJTKTlCyuegtK+StSrf2T//bxeRr6ZOfv770ChJ8k:XP4Ftk1IuKpCyueAdr4+eZ2v77HKcTYQ
                                        MD5:D323ADACA4D7EE1BDF3CCE70087F2D8D
                                        SHA1:D0AA2082878360FAEBC74E21CD7725DF39137A01
                                        SHA-256:6C50619514A2C805A0ABF8BC6C5737A79C2CF7897F22D53D9A127866B2A07E83
                                        SHA-512:05BD808732D42181BAF8ACC86C50E67AAF16AD1B78F11F34AC3FCDF84A5E61BE307186F74710087833B87869B0399085B91323A5CE63D8AD2631ED1CB7D83235
                                        Malicious:true
                                        Preview: ....U...z..g...5.G..{..V@..7....B".e.#.jw.g...R.4....,..,....4\..?x.f..@Ca.k.t8RxF..R..Y.M-&...w.K...#.s_....=......;.!..O;x=.>..l..JC..+.....y`.vU.....F._..O9.(u..mG./..Z._.q.0.oY0"....}F.'........}t...w.`/..}..{.#.:...J..:wI,.Q.....Y.u..%..@if.X.q...^M...c.x......}..q.L.....z...Y..C%..I..!q....9..f6..\r.$.......c1r..&H.c.t.Gq..5B.9eP".r)'Tt.....1^.y..-ZC....D..`.....E.x.....@-.d.r0.?.n._.b....[d<.T..V.1...%.gx.EL..G.....k...5.tC.#.BD.I.1z.FX.t..Nm.........6......\.j.T.....%...*..............$.)k........X.."..._9.i.l0D.aC.*1,.oU.ln...}..6I....F..pW[....6I.E....(B..?..].....`..[5?%...{:....Q.v..n..r,N`...'.D...3.k..b..;...'.,.....r|..U5.;.s.......Tg.........V...... ...9..+.o.&.RH.....`...^........Gm.m...Y.e.).?$.....OF......N...W.^.*.H(..'......4l..r.)..t..6.....<o.....(..5..C.+.en..........g.p...+.eG._.,..@.(..X*.....|...&J-I._.E........-..+.RT......TW.;.....`-..#,r9....pu+z. #."..Js7..&.M...Z......'.mpL.u.A'xX.E...G.P.6...._.v...$"|.....6g..x.
                                        C:\Program Files (x86)\AutoIt3\Include\APIGdiConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):19956
                                        Entropy (8bit):7.989135867543382
                                        Encrypted:false
                                        SSDEEP:384:xcJKakeKOAiccnhylehIAjt3YmGJ5ozPqWfHHo6Gwj/pgBT/Ow/Pg0V4:OK7eZcc92AL1PqaXGwdXwHg0V4
                                        MD5:DEDA15870E59F122241B2380D28CF35A
                                        SHA1:E18579E43A14AF71C49D41B0A6F34163C7C6E3E6
                                        SHA-256:807AE255F12CC6A73A2FA620382A185253A454864DB9F3BA70D880B210591E88
                                        SHA-512:ECB7DA12D7ECAD3E55DDBD6C5F2DF03B45CB47782F384BC01BE6EC04385599C044502792E53B2A1D72B9D79A0E4514F75097AC07A574E39909A57BA6D6D12F81
                                        Malicious:false
                                        Preview: .KX.'$..M...0$O.....c.....*.V..>.+.+D..%C.C.M.D.f..}.1...m.(..cu..7<..s.Et...,....w&..|.nq..o..Pl..QT.m8.`..1W.I.f.....u.>.WL.8p.....<..W..2.b..y..;.y...L....L.5.......-.Fo.....G+...........q.Qdu....(EO..<u.._...\.^cJ..rm.....*'^.&.<>......3NL.....9hh.....p.v1.1........A.q.|sv..(...`1.i....=......P.`..K.....u...}f.+a:f...*.....c..7u?.n..e.."xc.).X)..V.|G..2...s....M?....z8.0g`.:'......Hv.....|.ZE^...;....}.....Fko...T..,.G.]8.....?.x.3..<......2...e.w..y.....q..........r..K......v............$..K.......hB.ymSR.V.C-G.S7D..!u.o...*..:a......S..Y..\....6.FN...9..%.%. .N.".......<:.L.*......$H^U.%.s%Q{}.CpG.<.7.e..F;..XM...C=..i.RV.`_..Q...Q..x;.n5......qx2...Wx0...n..Kt*..bdkF.l..=Q..........).....9$5............s....Y..f%.c..S$..!..p..'...D..i.c=.L....B...n....ks'8W...Ia.4....poFKb...r.(.6.t3?.w....:..[.^.~...ND...F...?.l......|.@\V..R.{2=I%=...V...1'..5u.k..4.'P...D.....>.I.f...Z...c.r...........Y.4..G..<T.M7,f..e...3.rIK[.y0^#&.7C]
                                        C:\Program Files (x86)\AutoIt3\Include\APILocaleConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):8291
                                        Entropy (8bit):7.976360667938219
                                        Encrypted:false
                                        SSDEEP:192:eOFUp3jrrKSEUep8j8iupnT+gwZoS4QPxYkSzKw:eOSxmSwpfieSjZwQPKnf
                                        MD5:69D85A4B3F2177C5BD1651EBBBFD08E0
                                        SHA1:A7F7B7E46B78EE3FFFF7D0C880D41584BBFF0DF1
                                        SHA-256:096158E4771A31A3B2EBA755800077E9032A7F5880A05C5B923A0380AD3905A0
                                        SHA-512:4264FA62859BE79CDCA7026AEB154C79160F31F6F0578AF311218FAB965DF74BCADD91000ECCCF24519624BE47B9EBC44571BF5F0CE5DB56331C694A1F5D44FC
                                        Malicious:false
                                        Preview: X...L....qB.,.4&:.j.Rz.Hi..j.aa...Sj..<4.:D..~..l....5.D.....`..*.zRJm.r @|P...........W..y.Y$...[Uj......}..S..~.]K.....!]u....Y....gYJ.eo...8`..4Y>.L....*..o.y{3....3...k.2.nS.g.pX.......)/.q...O..K..`......!a.....\a..^.1........"p..Q7 ....*...o.....o...f.>.....C."j...a.`+.d..JhE...:....&.sI.u.....-.{..9{.....w.R$L.H..._....O.p....4.....a. ...+..|>..+4.V..U....{..:..,....I....W.....^{@K..U....<..!.fs).....\.:....j.@.s.......a.7.t..~.....G...`.^.f.Z..%4.8d.A...}.~..C..............$.M.......,L....@*.!R.....S2!..s......f.A...1..7.pY^..".I]...."..t..].v.wavH..Y;........H..P.C.a....;(....`..&*m..9AG...O.;f..5..z...R...;`.o:.Pl.k.GY...E.kn..n. k..6..s.E.J.....61....q0.&..Bp.&_.DW.9K.[..Q.j.I1..M9y.........wu..p.1.Sv.......z{...e.....9..".Tt.W].e......-..-E>..];.B ..x..?B.2_..M.{..N>.U.E..0......p.V....... ..-...=)............[....e..9H\..p..0...z..]G.UP..=!_....z.XUq.....2.......y...g.!.h..B.Ke..>B}......P-.@</.^...c..z...T....Ih<2:.
                                        C:\Program Files (x86)\AutoIt3\Include\APIMiscConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2413
                                        Entropy (8bit):7.913119340776615
                                        Encrypted:false
                                        SSDEEP:48:zSJ7JsP8lBQ+SpJeGqLzYzsQ0mSnnzArlIOw+wswKVkLRvbO8Rvn7n+kSeQilslS:zSJ72P8lBQ+aqvK3szAJNwzswKVkLFOC
                                        MD5:6081893F36BF1C79C488D14CD750DA9B
                                        SHA1:EE0592B3E5C8181BD551E652F5DF47292ECA4A15
                                        SHA-256:2D5A9A4E6DD39727FA536FCB7E2C25B9A985549CA89B60B1BB84B8DF696DA54D
                                        SHA-512:849C1627FAC088072EEBFAC94D46D0EB7DA7E3079C520AC562270D3CC438C11101304B32E1302C6697AB8D8F768F830FC03045915772C9EBD979306692B4DD17
                                        Malicious:false
                                        Preview: .ZS.)gP.9.?.G..=^#..R.p.{..5.2u?.........C..f.........8Z..rnD=C..Ot..s..oM.v.Q.-u..L.O..,pI..`..*G.3.Iw..h.q..2"Q....Ef.H.. Z.L.........1.O.....p.W7N8[]...$...4...=y./6/.Y+b.7.....!.a..UZ%....B3.c...jV ..o..{XUU...WP./.....!q.,...a.....n...zT....Q8I.....s!'.,...v..If.C.X...i.d.E.........a.|....p..?....}....#&..&.m1e......:.m.}.s0......x.....,.....]#xI...$....!.$..Y....0...2....)....84b.Op..../?.9..?...8.v.m. .8..E@....9.F*...!..\.Au=.D#..c3....)........g.%;-`L..~{..#[/h.K[.................$.W........V.EF<.....%3G...!......Q.!N..E.Z.....E5{.{...GG.X~...../6...!T.Y......A..8..a$...,[U<..v..B....@E..E..c...V.._A..}(G.K..r..&39.^#..b.c.^).....5..IKYb.rg...>q....ddBT0.........m.N.Z...D........Oh..........w..p"..D%..k....t...0.O.e...[6.M.....=."..j... ..h.{..N...+ >.Z.F...?F.....h=..."5<...9....`.-$.[....d...q....7_N.._sxCJ.....8.E.n._#....)qb64...PF.?n}O.v..Nh..s...z.l..9..X.K.a.....dkd.a...}..>...,.?...m.a..Q..@$.@....l..."..IpZ...?.
                                        C:\Program Files (x86)\AutoIt3\Include\APIProcConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5645
                                        Entropy (8bit):7.9616740667474595
                                        Encrypted:false
                                        SSDEEP:96:3ssOovAWjz0U8EC/XucubvuQi5QA16rZ2CgoCezffywmeXhaC1XZWpzqHu1ZWfMl:fOo9N8EoXpu5+i2CgNaf2eXhaCZZICmX
                                        MD5:3B8DCB27F0ED525027EC85C58F27DF04
                                        SHA1:D88293259A462CD330774132AF9C5E1D812A6651
                                        SHA-256:B27236D3917A68F0825314AC2D9E248F24DF33FA7AA76146C27E0BFA57D01714
                                        SHA-512:73B78585DFA1C75D76B6A80295FE0BA78AAFD064F576F384BF03231648EFB219A13785693B061E7E771AEAEAC3F711B56F095B3B212D3C03AD094A2013664397
                                        Malicious:false
                                        Preview: g...%1D.......41=......l.-...K..r2..l.....O.....:%a..4.v.h.....X........s..b..$..)./,#S,|..e.k.............-....D.L...............+..-%.FW...eO...(d.t.;WV...r.Z...d....uwNgL)-q..w1....]:*.@{..+[.L......_..}!....Q....5...{.B.V..k..o...F2...U.~z../.N}........z.<[6w~|9.Im.N..@\..H..Ep..E..+f.....)......W......f...WM.l.S.\..Q.y.\6.[....../w.|+...>..Ai9s.rz.."..YW^L...Q.lF....f..w.:...i.<..\..._..0...A..Z...C....2.;}..P...mb.!......D..y.y.T.3p....CW...T....P9....2...F..........{jSp..|.............$.........I...K}.=..BL....NH...u.....&......./2...4..........v..u;|./.*s[.m=5....E..^ij......S...C...T.Nn.I..gg}tw.NRb.;.....c...G].'I...Q....tu.....c.t...b.C|<\.f@C...z.....8...K.@..~..Ahx.....rB....qSEp..p:....W-.....2......_.!. ..6[G.aF...G.....M...5y..2.....]1......O.~..m|..j..#.{c..w.w"I.T..W.K..]....7s..$..+..I..Wg..n ........k.^.v...5..%8.4J.GYi..S..^.E...[...t..U3.sg9.....a..4M!F)......8.....c."P.C.|g....j.-[........w..)......^...i.......!.=
                                        C:\Program Files (x86)\AutoIt3\Include\APIRegConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5093
                                        Entropy (8bit):7.96075472730338
                                        Encrypted:false
                                        SSDEEP:96:fbRv3IUgRSUWbnC3HSsIWXHy9UtBlrpEcMgLYd/O9Ii3/eqS:f93USUWbnC3ys7X7DgcMBZOCdj
                                        MD5:BBAEDBBEF8D4CE82BFE2D7E13A744408
                                        SHA1:E8DFD207FA5A0F4E7493A98AFF8903179C09BA69
                                        SHA-256:660F18A2CF8EA5C52526B64539823BB0C8A855836542707C85423A4F1B3EE314
                                        SHA-512:1BD80234267576DF7FBDF20EDF68233F97A5C51EA4BB4B37CC6E18028E6814013314F101F3F7B916A6FEDA6D095D49B8E0AB6FA75EB4271AC513126D06DB7262
                                        Malicious:false
                                        Preview: 1v.v.!7.u.<..`...2...TI~:....7._....%/..>.enP. .....}..g.....Y.;.K.T...R.....Z..4F..I9....j{..{.3..3...#..^.Zw.C0.[po.]....#..$.....}}...z.B.B..{.rTI..6L...U.0.FW.).3d+..TT...3..XS*.#p.R..Iwb.>3.M3P(. ...J=..1..H.&.......AS.I...S....%...n..N8.YkY.T7............|.;Z...}..~...}...z..=SH..i*d8AH....g...L5u..s...u.#......{rO?#n..I........b..BF/..*..{..pp..t...u=.d.2.#S.n..`3n..3.h..oCH..Qa.....$.Y...m.......Pqi..x.....A..2d....e.d..o../'..m.W..rzA.2.s......*.c..e......m...i.K..rw/.S).............$..............>V..x......S...g...ydt.f.........^W..x.....Z....o.......?.;..&.Q[...i...n.\i*.....[p.........0..Wn..ar.....^...$9.v..(...w06...?.ii3..9.Z.l......7.}........kG}y....LN....d.Yo.tR\,..).....x.j..)......l..J.{.}......Sb..`...W.;..VG2....,...b."..YzG.p..\..i.+`..E#.3s...f........V..1.....U.:.d..h.c....dpY...V...k.Sz.. .B..F..Z..7.J!...V.2......_/n....C...k..a.....j.XL..lG.w.. .{.5.."2'>...,...W...P...K.>....ieP..|........7..
                                        C:\Program Files (x86)\AutoIt3\Include\APIResConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):7019
                                        Entropy (8bit):7.974601019164405
                                        Encrypted:false
                                        SSDEEP:192:3lYOKZn+srnPoGGt8lK6qO5Fi75JSP83ZI7ZvQvQWxfNZ:yIRDPWvgJyhdQjxr
                                        MD5:E067C59DAF5CE2AFC638FB78DDBF1A2C
                                        SHA1:244F52D6B3C2775570C670D5E2A68C58402DD738
                                        SHA-256:B0246BCCD70A02438B5E554D5579433884673DF7432F2708432EC8F0D34FAF53
                                        SHA-512:130567E3BED5C67C67E22B447C3E722DC0DF0D6B48A8F19BC501E6ABA54991396A2BFB98FBD1BF431830A2B7292B4CDF0D1DECCA817DE80DFD1FD6C41987BDB2
                                        Malicious:false
                                        Preview: ........*j.QY}.G...EV.'..V.z.2.....q.}vIBL..e......,....0....X.uF..".F...=..u.L...A......*p.h.H#.=8..FafP>.w......n..l.).....K.Kr ..A.*Q}..=d....p...G-Jj.$.....w....M.0g8.m.-.......$......B..M...2r....f..c=..U.'...X.......P...S..............i&.s.u.y.c....@.*.I..|.??.b..X.....".6y.5....{.<O....LW.M.....\.@V.....3U.....6......[...Fm.*v.....Z3s.##.....n)..W......H.j.A.}.>...\.=i.|ET..+.......)..&....&.C..A'+<.t.}....}R.Tk.I.8....x...M-&F~...;...<.5......(.....*mP.?.z;..1........G.j............$.U............k!..../8.i.5|.....8.y=.#..ge..L.7/4.P..Kl...AYb{e[...Ru.2X..6.<.+.u..C.]r.p..h..n.@.K(.S....on](....1..]t@....>.4J+|$..Fh.S..s..h..)xl..ad...h+.....].{..j.f...|..?..M........MM.....Oz.H:...cf...$4......\..b....<......H.JQQ.,..JC@.....M.f".]..M.H..p.u..PC....n.V.kLFu...F.<3..!.6.@..B*.x.}.q5e.#`(4.K..R../.l..x..a.:-~Yu..O%XJ...A2?^..D...0..#........r....M. ...X2..|'4....2\.4.m.jl.....2.K.z..N...x.,...Q....zD....._)A....:.D.o..+.<..1K.
                                        C:\Program Files (x86)\AutoIt3\Include\APIShPathConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3705
                                        Entropy (8bit):7.940416526268319
                                        Encrypted:false
                                        SSDEEP:96:enEB438AoECwewcujh9+pw3cUJiPTdhPEctNk:enE6uwewXjhEYiPTrEctNk
                                        MD5:46113BEB79D5937F364713276171484B
                                        SHA1:679A66FF45D95642037AA898F888AB6897D241EE
                                        SHA-256:9F0CCDB36C96D366233D9ED028FD8A1A8C1B29241F74CF1C7CC43DDC160811BA
                                        SHA-512:86652177FEA4626C7CCC28A4C39870C90CF8AC85C47D8758043F5785281C665DB29908D90C207EB2984755DA8307010EB89F565230F24E1FDDF4082510743ECB
                                        Malicious:false
                                        Preview: .k...n..........c..Ec.E7...1.4/.J".$...B...wTk*.^*...9.F.b.....h.....\.#n......hW..4!w]1". .ha.T......yl;.1.A....5V..V....... ..X7.h..2.<4p.C...-$...|......g.>;.'.-,..^..Nec{..l.o..L. ~...?....D...dz./.`._.....e#^.....7...A.m...Ql..*......z!l@..._h.r....&.Lz...H^/..p.#...I.H.9.AO....kc.~<_~.mt...XgQ..MZ.=GL.".IS^B.....Oj.5.J..A..C.....&..S .QS....[......f.-R'.#.....w.c.V.Id._<.o.......0...H-LE..."[.BrA.Tx.r....C...4.T.\..T${......[..WU<|..;.J5...4.k.!.`N..j.m.+u*a..w.3-...j.{G^..n.g.............$.c.......).......zqo..kO4.....!..}......}..G.I.....$.$..a..Ua`E.0...#3e.{./.8F34......:~.SY!$P....i..g...u...J..F.F..d.:..Zp....r.j@.......b.g....g%/W.....$...^.W~B.lgLe.-.......f..[...S.....n{..#...G*.:.S..........|.;....L.2.....j.x!...........?E...!.J.....-~RG...!...!..-....%.{J.."v.......u/.....A...3._......@..).......~.<.U)W.........F...W.Ln!.8.l.._..V.#......(....../....?......../\l.fn.C!.-.s.....?.I...p.T../ uz`&.N......L....4b.]W..
                                        C:\Program Files (x86)\AutoIt3\Include\APIShellExConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):33643
                                        Entropy (8bit):7.992904887483126
                                        Encrypted:true
                                        SSDEEP:768:eVxaQ39l6MSNDDXQWh0tFc8uqnXuvD0r2AwOI+R38D2uTqmF2Bb:eVx7rLSNDDXQW+3VnGDkFZ6DfTqmFMb
                                        MD5:47BD95C2FA511FE5EF0503A4BB6D9071
                                        SHA1:DC04B669B91C0E2A9D18E3557A00DC5927C086E4
                                        SHA-256:4EE43C78A477D4592677D8AED1C7FC75B27080E4D4EA9AE86B95A770047E2EEB
                                        SHA-512:93CD8AC9E408E682ACCD8636A840DC9455591A6B1BED22939A86F1652F8CFADC75CC87EFA37BF2F10CA7B4163A1C093B8D2D03C7E8AFB5380C252C9EFC33690D
                                        Malicious:true
                                        Preview: \#...eZF/..."1..1.....!..o......>..RT!F.>..v.s.^.g.O.E.x....<4h..K..N.?k9.ll...m.......Rr....9.I.Mq.g.&..L.ltq]..n}..lSz.&k.4.hV.&....P ...P.T.C..d.;..|..g%.0.(./..K8...\........m......B..."..Ps..rk.).1....p...a.n?J.....M2..|.V.n...6x.{.|>.+..Qu._} .....X4.'do.W..C.n.#Q..W.....^.7.."t?..%..../.......>.S..;#.n...U........ZE.f.w.I.*d.,"..O.P.q.v....L..1*..].J.-0$.h.9>.z.W.Z.~fj.W.]*.\...LK.8"0..U..n.9.n...c.....GRu...0]r2:....O........;..%;...Z6....7i.>....bX....7A.......nz.(GtLh............$.U............\.V."^.*..~9..K...y.*r..k..s..[.Uz.m1..]."X.8..l...b.....t.,.<[.#...Db....~2W...C...j5..$..k..1A....9.........#..z..d39.H-.E..f....aqy/#W.jU#...J...f....E.M.8.. l.1KP.;...d...Q..4c...$..c.y.NG.%....i.U\N.n............1...=.... t#.S.Si...P+...f.|.....9Rib.k.0..(aZ.. ....\.....`..$1....."..&9$.aY....&U|{I.k..>.z:..7&(...H...6.Nmc....E.\..'...].*27.p.u3.I..Ny|j....=.N...S....wj....q\......\..S..|../5..k.......6..4......*.....$..
                                        C:\Program Files (x86)\AutoIt3\Include\APISysConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):16746
                                        Entropy (8bit):7.989359576247718
                                        Encrypted:false
                                        SSDEEP:384:t2g27iD6IdKQ3iZJ6ktD52l01nBx4Xf5USf3wTI:g7xaKkCDDs3f3r
                                        MD5:85D5E61D2794B10243A38FB28B1BAFF8
                                        SHA1:999C2575E3E4D75E0FEE295699AFC72C9391404D
                                        SHA-256:D2115E381270D87D0116CAEBA50AF0442190581ABFCBA4B26CFD0A254FEA1D09
                                        SHA-512:657738D916088D0A20BAB653D1C8836A0B67EDA10ADB321912B9BEAF7593A65C5D202113F3C32C7744025EB9806398FE0E80CC6B636367C02DE80668D1B42A42
                                        Malicious:false
                                        Preview: f...f......= .yX1.Z.k...O.K.C~.6s|3..Q..U.F~..........y.<..$a."...c.|...>..V..o.h....T..T...+J..^5.7S2u.......c=..m.Z.(.7[..h.1..t...z.....b)..c.7I..F;.v.........N#X.XX(...r5..ax(......q.\.....S.|..(.8.....i..X._B..,...8w<>Q.g.."W.X.S(5.i@..$.r...:...x.Z..m|G.....Vz....L.........=.t.x..3.r....s.r.p0R.<TaHs.h[.1.......4..h0..,.mv..'...;c......*.y.?.&M..[._.l..0.n.F.J.}1IIH.](...e.|`?";j.....*.v...L...sEx.Q.*!.E..K.j.+..g4...........XHHX..G.^....26Q.O5N..?.1.@..z..R...lg.....5*pD............$.T?.......X.Q.j..]....}....=...)...._ef..R..n....Z?....0..E.5~.>....",.P+..[...|-.O`kS.=.....zw...y...T%f......*.|..._....4....q...l.}ZB|.^..I4R...._.E.F]M.I.8...%.~Z...ZZ..tC..T..Mw_.../.A....hm,...]".N...v.^....X0?P..df..6..E...&Z.p.v.f.s.j.Q>..]RX.mFX<..5.../.JJ.q*.RA.$.....y....,..9V..`xb..)...j....2k.[.........F..Q.t..]..F.f\c..[H..|.........+...wz......{...9i.s>|^....?g.....f..,....#n...DP.k-Q.d..$..lL.Swh.&h....s.`.94.=.ZV..E.#..$...d
                                        C:\Program Files (x86)\AutoIt3\Include\APIThemeConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):12386
                                        Entropy (8bit):7.98570544797451
                                        Encrypted:false
                                        SSDEEP:384:e8toFW+xfI9/TO1728EITz1+Jqv89M8Dx4ClbVyK:1MxFE/U0sRY+Gx4W0K
                                        MD5:20517875E4347B4C2AD608711102F644
                                        SHA1:315B3B3734E7555666CC2B693173C1F51990B4A5
                                        SHA-256:A3FF637F5BF408EBE5670511F00D787EC5CCB2EE27822A80D6522F0996A755E8
                                        SHA-512:164AB29621F9928B58A4E212A2112252D2B1DA3EA775DD3D3EE9C2280D7091A6A984B5941FE0134D09E844A472D6F3FD537C25691EAE578EDCF42C06DFF90489
                                        Malicious:false
                                        Preview: U.........L.a..v9$...^...~Ex........G=u.-...S.:W..$......v.../..`&.~...;...I...1....|W%..R...s..A....t5..Ji.x.9!.#Jy. ...Iu...y..y...m3"...p&4......qRh..E=.I.]d.*....$q...s1...*....7...kKs... f....K.tz.....dW..........T.MS1..y........ .....{....Q.z...y&..............H..-..."...Ye....i........_z..............;B....X.$cq...iR...q...'K.;....E.....Na...t...b$....[...QRxLN.4..{.m....=Y.........k..p.....!..j$..w.o..N>>r|..a}....]E{~.1Z.y9...W8.o...\...~...h2..9.*(.....<.~=......|/...I.+7R..............$.L.........j.eaH..E..N....y..m...+h.X.[]..o.I ..9.mn.....wqi.y......C..<j...[.r;.e....v.L.,.=P..G;2.....eq.z&..7............;m.m.4..-...b...tK^..LP....b...A/e2.....U.%.W3b......i.g..D.....c..j.....K......v.i..........j...Q........a(].Qb..../&...8y).D.1N[JN....9.I.d......J.....+.9........A.*.T.....Z...n..u.Y..PA..?^...K.t..d..>..!dM...c.I.Y..p..8..,.....r...KtB....*.M........Th.`._..5.....i.,..GE....u......u!^IX......IU..+...C.2+.%A.........;
                                        C:\Program Files (x86)\AutoIt3\Include\AVIConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2117
                                        Entropy (8bit):7.900796912521246
                                        Encrypted:false
                                        SSDEEP:48:njv85DfnmCDq/8SDmZYqfOMSUqGDZs7PwXB4vyTMLng:L81mCDquuMZs7PTCn
                                        MD5:C684642E0B2FC874DAAA0A15B9D639E7
                                        SHA1:59EF36CC21F9B703E4F26FF82C6807FA70CA9346
                                        SHA-256:63C5112E8BF9A60B258D557F43C68FD26CC109959F174418D421B5780307ED36
                                        SHA-512:87BCA491C87B8FA89EE92AB240D4B5B1D9C994709056CE2247A61E515ACACE58BAD18FCDC61AD52940DB9DC84FCDB41BE59C951CCC30C1BFF0072BD6A44356E9
                                        Malicious:false
                                        Preview: .U...!&..t-..f.W7....sb.L..+..rc.A.L=.IuIs~#..Z.K..!x&6...p}..L..h`_..F\.. >..0....6.i.l'....T.:.pV..y..[~0...w7.;v.F-...p..EI.m.%$".=.M..cr ..|+.}....L..c......]2...............dFZ..4d.U...v1.....=..l.}K&..{.]....z>.8..*.'....L....<"..w......5..[N$.8.:..TW.)..[.XE.mS!.8}..SMMg.$;.!.1c..4K.w........+. .{.H..C..C..g.....gj.+....(LK.0.%.[....$1..Q.....c.........d.....fP6.~.r.5..k.+..{..&...y...:...p.....b.`.>..@.E..\U7<..l.5}_...Z....<r.fa...K.d>...u.. ..GgE.G.t.C...<.[.Q.p..%...1.2z".!................$./.........p~.~.....e...BQ......W......#..W..;.L.......#.U..n....I....W.J.....bK..p......... <9Y+........<.:..yZ.....7.Tz#.N.$f].&F.L@.Ko.T*..uw.q...x..c...+@8.?...L`...0l..\.Z..y5.F.F~..,g0.A}....!Yt..(...x.....:..._....^G.L.p.;re.3O...7......X...G._....a...R....$_.. ....[.hh...}....L.{h.."'.....'2.....f%. .....6p.......F.7..>..A...3...GN7.E..2.Q...3../.;[_g(....^K.3%.g%.L....'{[.O;.6."..:_..;gQ....|.Js8......v2.>[C^...P..o.S....]#..
                                        C:\Program Files (x86)\AutoIt3\Include\Array.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):81595
                                        Entropy (8bit):7.997590261919861
                                        Encrypted:true
                                        SSDEEP:1536:+NZxHaWVkDsA361nk9AyOmTFlg17G2589VPkubX6XnikZ22DekIB:q1aWeYE61kRxWY258rkubKXnGG2B
                                        MD5:9E670CEDEF1256014AB74BC1679CF4E2
                                        SHA1:A93594F96B2EBF6A98CCA169A0A90DB8D2AD4921
                                        SHA-256:30BE69CAF9A6CCC232465195E117BD96C8E57570A1F45C46BF881AD783C8BE56
                                        SHA-512:AFA13D8AD14DFD661D7B8D487E8E302AD625EBAAB26409DF1EC257325D219264F4A341CF5B7C5B8DD6B8A13685BE73546B4B329E70567D7385D8D1E00CCDE93D
                                        Malicious:true
                                        Preview: .k.G0... qE8&Ms.z+6..x...........t.T...J....j.........+.U..8.+3.S3|!T.-.s.l.u(]..VD.{.9._............C...'q........[...\Q.WQtf/ 6Q.......0L..Y..?....../v.l.nV..zK..v2g...u.C..~.).Q.8.E.d^y<....C..x..C.f.%.P..............'....`....*../..;.GJs.j...c7.$.S.....w...8.oFCMt.@..=..:eV....tU. ....-T.6..d.TZ;..A4....JZ0.qTJk........_e.....#\..8.:..e9k<...XW{.A..L{..>0*.!v..Q...X0Kx.....+.@.....(..&|R....k.R....R.........$H..G.,&....Q.$..Ga.Xs..7.....S..i..v...........l$T.0.$................$..<......R..S^M,d.[.8|[......^wE.*...SMh.....oFO..;.KY.*mR.|D....8..K....?.t...haZ!.iH\......"3+..Z..#5..c.g.Om..O...o.....y...x....W.=..%z...U~o\.....0...&.px..Q ...D.iv..=......^p.E.AC./h..g....5..........Z.....L@..|..k...-$.Zj.5].z...t...].....Q.7f...trC...{..e..E..xFD.K=.. ..H...4...3.....V.}%Th.{....).......2..<....E`..!.)k/.4..U.L.J1.B-.*..a.K...$..+..*^).%..L.".z..2...u.2...5...c.DE...a....q.n.ta.....-....l..?}v.l.........b`.........Q
                                        C:\Program Files (x86)\AutoIt3\Include\ArrayDisplayInternals.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):33564
                                        Entropy (8bit):7.993768504986335
                                        Encrypted:true
                                        SSDEEP:768:xzi86vFeyZlvPZk2SP7q9tkuWvKMOUye56YoyR4B:xzi8+FeKHZk2SPcQLrzQzai
                                        MD5:F0CDAB6457B2D7038AED081E587826C9
                                        SHA1:92C5E45CBAAD75CEB67EBB167FF72E720D8D0DCE
                                        SHA-256:CD66FE942D0B384DFFF75855F2A8021083A014C1EB11808AC7784E1242005344
                                        SHA-512:8B68A2BDF39E410F851F24A49A5FA14DB2EE8ADE7095EA19ADECBA27EA37887F8CF68EB18C477834DBCCFDFF472E9837D70300ED2DE691F736499F59C47B6267
                                        Malicious:true
                                        Preview: .1..]Z8n_.Sl...2?B...$...........jA. .u....s.`....g^V....U,s.T.(1..u..+.Z!..n.A....^.&s..r.+]Z.${......}.A/..wj.KT.?..#....N.....@....y..J.6._..?.8. ....S0-.B....d...]u.")lDK....U.f..ig....+TW..1.`... ..~+!........B...< M.. ..}p.`.....f..R!..R...a.......O.4~....|.....'89..G..Y..^.L.D#.V.&..f..`*.2!.6V...../.S^.....b........'...+..r.......xehL.....a..(.\M...B.c(,.p.."....-..6.xh....BH..2...z...X..........Y.P...G.\UBWW9....{.y3...\BbJ3bL...yZ...W..i....Y..&b\.E...U.....K.2l..............$..........g..,..G..sI..} ).X?..\.Pw.2.DKf.<.&.8|.......H../.....f.0.xK.y........D.S._.j...fO.m>|.s.....&.qX.a..5....5O.T0b...ye1....0......T.o.R".x....^.9+...2....u...l....P.....3.;.4.{.....Z:V......O.....O.;......h.V.ZWy.{k..n..u5.....K...[...D..}.B.4......-......E7.G\....a......qg. .#s.nFwqn..;..d..t:..s%..@.\...T"....K).hgL...~{..Fo..YA..SQD.F.Q`.;.6.......S.i..X].s..A..C..I..o..Th._A...=.1#.N. Ay|=.e.....F..[cw.d.].....q.|f.?Dv.Be.....>.
                                        C:\Program Files (x86)\AutoIt3\Include\AutoItConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):13757
                                        Entropy (8bit):7.985726266292047
                                        Encrypted:false
                                        SSDEEP:192:dcVjeYv9mnEOxoA73nugPziartPjXgtfTHvSaLn89BpYJ+M3Y1HecsY:dUCKPK3n/JtPDgNTHvxWBaZ63sY
                                        MD5:9F469FFE25651583A29CCD1DBB2AA8CE
                                        SHA1:7EDC95C12384AAE007BA47FA0620BBE8C3221ECB
                                        SHA-256:0BA18BC6D7DD2012438B922D9B9DEE6E64601F4794AC3B1BD06F8C75CE13E537
                                        SHA-512:08E88FE89B705DB473FAC01254E40FA7CA4A4BA112F7B7C66D441F94F55E9EBA866C44D220B4FB62D6E8BF547F82A2E59DD9593E8A2977E7566F00E54D5F8A0F
                                        Malicious:false
                                        Preview: +.Augw...}?h....~t.....M....H..P..P..V...N23....D....a.V.}.b."T.R...d .W.Bfr)...%.-;.)$#<....bHT}...9L.........^...-..~.9r.v.^..M......Ir.V...N.cSUL.......@.....z3.O\...d.v6.?..k..\.<.3..-3.e....w....c.Zo...n0.......}...2w.v......q.fj8..p....7s/.Z'.............7.A...0..9..E{M..L...TT:...G.._F..|.....etB.o/wb|.=m.Y..d9....+*z...q.R8.XOk.;'.GT..dP....}Q.}.o.TKNah#.eX.Yr.y.m........(![.E...N.......%x=.j.c....cuc@.....7.E._.0..\P..?....[.c....8...3^..e..oV..T.|v..G;....q..8@.O.p..R..p1............$..3......."g#J.pX.......+$......j.......,.A.wF[-........\3......M...N.UH..l..?..a..L..+h.".|.J.,...a.m=(........L.e...y.^.j.......&..M............A..B.Mc.0.{A"wz+0_.Ji.qF....YSx..&...`J.o.#.n|k..,....4...:TG'.......{. .l./b4.R(....2RP..r~...k[....Y|R...!`.-R4......A.<...]=.[.$1.s..e..z..l..AL7.( ;.o'...]4...e.H!6....$p...^...~._E......e..k+.2.U...+h#+~.Y6..<.a#..7`[...8.4m'.......x.Y).n.3..PZ.<...:..<C...5..d].z..5...wC...Pz.&Z.=..X..%.[A....x..0..I.T*.3
                                        C:\Program Files (x86)\AutoIt3\Include\BorderConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2654
                                        Entropy (8bit):7.922834342191402
                                        Encrypted:false
                                        SSDEEP:48:8DG/CHv6mgYrZ4gKudqiHMRpVYbGplayb6DsMev4gS0wbHOTs4:8DGMKc4gKudxMfV1plaQDr4LzOT/
                                        MD5:34BCDC0E8043E69CB4C500514C2DC46F
                                        SHA1:5A69B096FEFBEF0275361D2B2E9971857DBC2C20
                                        SHA-256:17BA602390183652DA8DBEB09CCD0A815FA717C933B8B39205BA2263B2535423
                                        SHA-512:45CBBACD2ABC464AB4719F7D8C45456CADF68196D6C85C86CE840F803A8721E08D78B2E1D125AEBB467BEA6423A80C7DE58F2A197C3105FBF253F986F358BE51
                                        Malicious:false
                                        Preview: ."..Qp.Y.....\..0'.t0l..x.UvA.x&;~..:Z....?.1..u...kx.....&J.5..k,.f............9....6&.N~..5.P.d.....B....m....O...C..3|-\..1...bi..qt.J.E|P.2..f..@.........J...5HWo3.z.r..F<....D......N.lFgzj;*....!....0~.,.r.....v.l7@:..:......OkO....1~..7..Z...U_.A~.....r.n.."-P.....J{....+...)D.....5nhN q/.C.#....)..C..b=."C..8..<..E....S...\.E.|...%.8.a..........3......9...(..&..j*X_u.-.M..P...l...H...G.kr..+,..O...-h..cB..S.....5}br...8...Ak.6.%...v..$...4.<uS.wL..H.Y.....,&...N.....U.u{............$.H.......c.....`.lQ......;.{..A....Wq (.i..w.c4@....W.........3....R.P.W.;O^..w...4..'.vs.h.........&..P,...!.D_.%..W..Y..e.T?(..i}u.3.......T..2....YG....:|....A.{.6fCNn.y....CS....I...q....s.*.:.{B..U...k.W;..Mr.Q.MW^..e.:Cy...*.o....z`.Q._.W....F.k.._.....E.k.....Rg.n...7...M......T..hf.u..HU..'@[Um.$.:.P..a..(.......w-.*......C.H9.x...u..>&.V..3.>.....=...J..0~.!#....X...2.7e.0v..%T]9......G.......+...M.....7.U.|.6...<..#..YiS..1Q...UR7s..u.+.
                                        C:\Program Files (x86)\AutoIt3\Include\ButtonConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4985
                                        Entropy (8bit):7.960266255655997
                                        Encrypted:false
                                        SSDEEP:96:l7VGnyY3uUwHe6bCsMpwlpe/5ppt+GVsbJerXTpbjwijUsy3q5QdmsaOwCd5zRG7:zUgTnU5pzZscDHc3eQdmsBwQzFq
                                        MD5:D767DFC0542996272761F60D922E80A6
                                        SHA1:64355F74E7B55955A48F960523CDC11282A50B78
                                        SHA-256:8168DE41D11737C9A3231EE8FCD6F8F10A9E4DBFED06F59427C5E023882AD415
                                        SHA-512:B35571373EB3E41C5AB539BE90AD2816416E126094E9309C26F0D9BBC321EF9CA31CE62CAFAC457155256F390091E46E2E1FB6FCDA84A17E113C424204DC9C01
                                        Malicious:false
                                        Preview: <.G.h...K29....9.cg...m+<j5.s..........a..V..R#%B.=.....eg.l........H...c.h..S1O.....+.^......s.GU..yD....e.y...*...........F3E.!y...M.9<2..N:J.....|IlfV.r.0..N..}..z_"...fT...>6:.h4.T.2.=.......GX.&S...R.beb%.2..%...bVs(]...lVB=i.f.s.N."z:Xm.......?]9-l..v.f.a3".m<.. ..\l.4Zd(....&..a#..N.....H...C...).5|_.N.#..^}.Q....$........g<.8.pa.v$._.i.$1.....0.p)tMwjl{.YOD...Q77UlO.E...........z.[.=.....kslX`Q.....I.r...8....Z_.c...[..../>....r.7E.;.L...X$..d>....d..."..\G...p.._...X.$-.R.................$.c.......Tu e...*_....x,.T.Xy+H.).Wn.s.7.].f>.jq....k`-tP3.U..D.z.....6...I......C..Y....!L....d...z`C.t.l.Z..t^K....\.>w....s..F..........~.."..s.a4.Q.b."...%]...... .....A].yf..81W.J...]..ls..I....V...Ny.iB_.BTj$gu*...H..g..H.^2p..0....[......H.1..L..2a.......j*.o ...#..Y.p.....'.tw.)..q..Ji.;....:......1.i.>......J.....l.....)..E.^".j.'.hsz......).k...Q..;..]..#.............I,.B.}f....3..7U...!.=c.....L.2.-"Y.sy}.../.KD}N.C.W(.R.y..#...[......]_X)#.(.3
                                        C:\Program Files (x86)\AutoIt3\Include\CUIAutomation2.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):48195
                                        Entropy (8bit):7.996649872456628
                                        Encrypted:true
                                        SSDEEP:768:HsCSxWG104QZW44qnmRU69XbLtHjcWjiOetDrm3Wayj2fDEBxJ4Fq:HIxxa4E7gRU69rJwRJXm3WaiIE+Fq
                                        MD5:1C68C0276184988FD4A6ABD87B49ED24
                                        SHA1:BBC70B2D5243D75B815738476AE6004F862E813D
                                        SHA-256:40F14471F157F2557C9CB36220B67C26B31200639A5DD0EEA797F9A4759D9724
                                        SHA-512:4861E76C969B7E7C9D206010B2A08002F26A34635DDB85886419009BC56FC5AE6973003ECF98DA2F4AD9AB08D5A8BC887EB15697FFDFCF5A3368CBBBC0BBE810
                                        Malicious:true
                                        Preview: .a.2..t...E.a.....7._...O.x...s.X}c,U....V ...)..................q..;.p..:.7.Q...Mw^....3o.*..|.0.G.........M..l....)..h.Y......\.%.l.dM...3...+.......[.V..U.Z.....a........H~...>.i..z...c{.._...!J....5$k...R..)...Y!..\.....z-....1''....Y7b.|.P.m.....$...\I.K9..l*...#....^.%.J..B.0.bnt..g._.,.+..F.....y.L.!..M.@t..9.z..Wb...8...gS.\m.~...1..>........B..........^...w.?.*.[....h...a.C........`...w.5......1.q....+U;...i.(h.P......*..cA...i...yo..e.1~.2..v.M.G......../...5..H.4z`............$.-............Ha...,^...F......?q.`..~3j[..FR7......I.cY.S.>.<... ..\k...A.L._..m].Ya.U.cx.#.b.B...3..n..;...%9.5~{.`.&sZ.o.........$..e.M....3..@.L.h.....#....F.m.r....k..\$b.....o{b".\n.....oOO.{..&5...........k.B-.V@.TW.Z/......lo)C..6........+.Z4.H.p........s...:+.............U...2....c....D.f.%Z.......D.k........0..A-i]a.y....<.*...E..:......i..-...`6...\u.l..Z.v...L.#%}....>..#..!\8..d(....k^+.z"....J...u._i.$....boi.8r'.......s....La....
                                        C:\Program Files (x86)\AutoIt3\Include\Clipboard.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):19516
                                        Entropy (8bit):7.989777662447166
                                        Encrypted:false
                                        SSDEEP:384:vr8oZuac9A4XYMKMo6NzJDqmMYYpnkpcSk2HNBHhqF7AYLRSprWT0z0ohIL:vwowac7GMBzh2YYpn+rk2HfHhqpt8prU
                                        MD5:036893112E97E9F8121C7FC7D56BB315
                                        SHA1:30F636045CF7B4526CA48DA0B4887051C275E8B6
                                        SHA-256:FB6F3BE2E52CE3ACD9AC57717BC83DA58842E60522B63696009282F876A38CA9
                                        SHA-512:44E4AD1722351403F03E28CEB492C9B210CA34F2311F63F97B8208CEC03ACCD3231D6166CB24A12A97DE059DA8B12C7D77AAE905F71B5FB4A4F4C9AAA9850DB8
                                        Malicious:false
                                        Preview: .|.`g.l..M..%...Z....As..*IjP{."Z...r.^.L.N.'..Qe.s.b.M]a..Z....q.*N@...e..$...\.0....k..k.N....\.A.F..q.1..7..C.b......K..%..T..q.I....b...A..g....k...,.v...wra.4.....L......l....NJU.f.>g.d...;n~....y...<.w.......>..!(..ZOZo.z.us(....Q....q..9.}.n.XL.!...}'2...+\......y..B.j...l.MU.p*.x..,....G.G...o.....f+.`t.u.<..:C....W...g..k..s.;.,{.x]........V..L&...........aA [.`Z.U....F^..PX...x..x"....M.i..S..H.E..&Kb......YP..i.;.o...'.B..}*vo.[A....W.h>....K.[W.0m-.;@.G...Rg.<2.r;U..H.".t>...3Z............$.&J.......ih3..zh.0oU.{.>Jy.....!bzq.L....J.IJ..U.#..._,mv....5..`.Tb....wI..N.\k.+..0[;l...M....&.T3P.{.=_C..........a....P...YxP.!....o.}..x.z.g0.P..2...){.oD;.M ...)..!.h...0-....h.b...i...M"R..|...G...Y.<Lc.6.ES.....R..Y....m..b.........:.CB{...%.......4<).<.T...=VU.:..7..%v.......k.$5#...46..H.y.J.5..j........A.._.........Q."h\V].N.0...1.Fo.M6{.......JL.......B..>~.."..H.7.87j]S......T.....W.i...G......_..).Yg.E.d^......u`....She.[ay..l.
                                        C:\Program Files (x86)\AutoIt3\Include\Color.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:DOS executable (COM, 0x8C-variant)
                                        Category:dropped
                                        Size (bytes):10492
                                        Entropy (8bit):7.98164656181807
                                        Encrypted:false
                                        SSDEEP:192:vIxbVzrZ296CyozvdR2pURWSohJJZS/3/QjJXiOH4pLPYpJ50Pdt3X11FfbFp/qT:vI8yedReqJopY/PCJy7ZP4L0PHF1D47f
                                        MD5:C2C3E7A342E71D8EEA95DD9767F7D432
                                        SHA1:40D4B646B8B940FBF97FCCC56DDDAF180D17E2FB
                                        SHA-256:E0E8FDC5DF4021734364F8C11A3A00CE8251AAE803AC963BD48423AA71A43EBD
                                        SHA-512:D57111B56388B0A2972ED49CF0BC4DD97F18D4E25D2698BCCC20ED5016017D79B44BB08D6089D893B747B86C2F853F7D4E4A841F37B13087B762263E11CF6DBC
                                        Malicious:false
                                        Preview: ..._......-...$.!..p"5..kaI.q...h.J...t......C.I..Cq..t$}N <_..I....A.=6.?.+(.t..r.D1.{W4...P..}..VW.,...........'.eD8.....F.7.Q.b."K.7b...,.l.">.d...r..E...'..T.C.4..b....z.@.Fa..........2...z...."./d5,....5N...l>....7.il.[....}.`Bh..........R.K\..~`.....3Sp.` .m..N.;ng.J.s/..\K..1..?...xp...c...6U.SJ...9O.T.5...w.c..#3...."b.\.E:#.......T..........W...S..?.M.lA.f..7.|..8.'z.zO....[g>HQp.h..&..v....36N...OI..kW..I...J`...N.~X..f...V.......H$K..pnQ.O.n^&......9.`..49.x..F..a..............$..&......5..v9.....H..R...*=GzN6.zdC......#..+.[..i.ye.`...........6..q3Dm.`d._[i.k.-..6LL..|.9..B.O..B...-..=Mqy.1f.......C....!.]}{..I-iRaK...{Y]..y.U.o1.(.....v9.. .c...n..3.#(H.O..h(.8.]v2....O.:C)....8....Qh.c..jX...RSnHJ..JI..".[..1....=r.,.=.pbU3...[G...>Ni..x._i...TN._1..u^.#..S.k...s......`..M....`...m|{..p!.`..*..?...A.... ........'8kw..C..|....h.U8...9.m.R.M..x...Rfs..K.;.i.A*..}S.7.v.rQ..u.....bG...T..o..C..f..0..n.l..]..rZQK.`....
                                        C:\Program Files (x86)\AutoIt3\Include\ColorConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3139
                                        Entropy (8bit):7.938024804875028
                                        Encrypted:false
                                        SSDEEP:96:adnMaqsM6++NNJYALURKEwCJLGdxUze9OHPuO5yF2I:+nMaP+yLTL03heN9OHPuOAF2I
                                        MD5:5A358428241BD5313514B3F43F86F250
                                        SHA1:60F33DCA4E9D69B91E518558B4DA2DFA9610BCEF
                                        SHA-256:3D144912F8C6DAF8D9A5E7834B8E0B158ED55B5CCC8C7D4C8776F1FF5A217A06
                                        SHA-512:71B92E865D222E91553FA1980698CC446F0668C2DAEAC9BEDFA61F2636F06A20564A6FD8C9E05608E7707D82EEC25B07235348642F13C23FDC610697EDA1697A
                                        Malicious:false
                                        Preview: .O...c..`...c.(....&.Qwu.xb.O..MI...D...).....9..b.i.-...J..I.G..*.....D...[.......2...L......?<..>y.,..fT....V....=.......#.}vb......;(.CBvU..S.3...1r.....4 .c..MO.n.v...F........_=.). ...m)._mQ.....}..}...6...p.....F$|g.....g..)..D.nY.....-..d.,...I.[.K.\.i.e..9W|.Z>....B.fb{..A_.N.......4...........5B..Z.Kry......Pmv....W..'ga..K7H......T.SCL......W.y.d.....ED......._..!-=..Yn5..k..'.)$.)..7.Wpj.........Y...y<......hI....A.n..]*A.n..........w?.,...UM....%e{.w.....p.....%................$.-..........p.PWo..7...1FQ._.W^.8:.^.e9..^..m.v....i.S\y*..#.O.t5S#=...?..S.s#...$._..X..Hw....>...m...S...n--......Ai.....4......9.]y...9"..G?...hrr.nJ^.b. z4.'......pX.H.R......).q...s.:Zj(...;a{..7.>..za.@...x2...>m..j.!^Rj..&............&"..T.J.dZ...$>.[ .}=.;...M\..#1t..#....TC\.#n..;....4Kj.%....(....m.r..;..."@.v...+9.].v'Z.pp;f..V...Z.W....umz.........U.............FonhE.@.-...P.S|.-j.W..G/)..O5..#.CD.......f.I..!=^.Y..hiE.Vb.N}..P.3~..%.F...d.
                                        C:\Program Files (x86)\AutoIt3\Include\ComboConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):8305
                                        Entropy (8bit):7.976895239005523
                                        Encrypted:false
                                        SSDEEP:192:tu5q5/a+S6vny29wBWjdgv6MD+TNj0LIBTJT6FhNDyGOB0L3GBdq:JvS+y29wBKyv6MD4RKIBTJT6/N6JE
                                        MD5:6FA170AD4F4517E6F973C75236084983
                                        SHA1:4CDD03D3B7BFF15D1A17B522E0AB549D4D252A7C
                                        SHA-256:2F696F471BDF390C970EDDFD97F925461BC3E527B4056E1C1B62CB828A3AB137
                                        SHA-512:CE8CE55EA79D318CE73AA384D710723FB8A2D2808944368A112E795B7CECA55EDBED5DDA31A37F781E6A85D723658AB397E17349099FD8E9BF60B5543C2CD7D8
                                        Malicious:false
                                        Preview: .WD.s.b...9mNF.0...O.M....5T...qR...].,}.7...J..Z.+7.u.}..7h./.m.oS.?U..4._+.4..ckB......Y.B>...rqSK.E...".,.#..C$.}..`|P...\..q..:[......O....Pjr..IO..........]..tb.c,dX7.Q_....8F"#.?.(&a.A.........0@...^...$.........]C1[>u.....}M'.._.>.Pj:....y,..g.....K,.@.}..>~..x...3/U.T.y..d..j...q.H=....?...Z..WA....~v...`....dp..!...7.wV.....Q14...H$...[...A.Y..........H[.]i.!..}...f..!.....P.r....u.]..h...Q.'r....'\4........>...0.:..j..@p......}0.......8./.6.1.\g...,E...8(...+.X.......|k.[............$.[.........yX[..n;.;>.....=?e.u.5@.....0d}..%Q...e....%^w4M..<.......E..[.....BT.. ....8.63.]. ...1I.i.ey&>..g..pK........O5...>..N.:...V..Q#...'.U$...0H..An.....%..+..V8.t.l...%p.O...q..a.g...#.)...GA.'..jw6..m...|3.8..s.....G=.s\n..yw~.h.....[......7..{~FR.tm..1.I....6....u~.....'M..D..(+.........'..I...j..~....y.|.o..._=..*..4m6+..7../..0%..`.E...Q.W.f|/.zuc2jS..5...;u.G..%.AX1.BF...F.|.-..Z.[.P.4......t../s....O.4...3.>..)0${o.h.a.Q.j.'...Hsr...Z]HM.
                                        C:\Program Files (x86)\AutoIt3\Include\Constants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4767
                                        Entropy (8bit):7.9592235181044435
                                        Encrypted:false
                                        SSDEEP:96:p6+849UjUnzPj64xMxTvHihgr6MhaS8UWjSpm6R:c49U4zPnuTvGgLhaBjo
                                        MD5:ED9C43E98DF5215145600E40D11A88C8
                                        SHA1:1B1969BF9511751F961289E630C907798A8E9A82
                                        SHA-256:1CFDCD5E22B178C66A3337E5B04D00A1F34FFD89EC4169A7E4062349D117D795
                                        SHA-512:25E9B19213ACCCC8BCE43E3F98BD3715FFEE0B416E90803C65D18565EEC50F6D6DFF260D14862F6E3B02EB5CC669F998CDED8EAEB5E32C363AAC88004D9D4632
                                        Malicious:false
                                        Preview: ....$...a...h..j...0g`..+..[R5g%.&.;.....6...E.(.!.sP.y.Qhm.l4l...-....R..AF.2..h..7x........{....@.......}._.a...g<..A..Q.2<~.T..,*].zA...../....HZ.".K....Z..,..'...n,.n..W..zW.\i.......(_f{-.0.../...Ri..0R.e...T..../R.!t.r..._..b[~J.\.|.YCo%S.\&$:O..Evp..V....'....nw...+..{.o>.......6.&...c.U.......&yN.....DY...<.w..N.Do.....;F0...6...g.'. .@....p...O..YA..0..J..!.Q....."... ..."h!w....t>...0....=.........5.U..`.._|......ye...I...q.l...ON..)By..cSu..ElR^...Q...v.vl.|+..M.O.2.Pk............$...........B.....P..4ET... ..D&..Zfe=..6V..H.......f...&.^..$...d.....k...4.rv.4....4L2.......&k..keqm.'>]=y.....mv........D.-.D?..P..}2.>An...t.1.n..L....?...8A.?pF].......{.E&.-........n..0\J.{.;eh..3.>..D..4[......5to..... ...g!P.7..9....Q.F..]xF....%...g.Ipf7..1`!....B,..S..BV...........lw.J.6.....?...bq......i.p.7.`k.=I.,/3h.)....*.D$..aP..!.].@.\..q{....65.................;..b.....U..hB..M.u3.eh.....o."Tj........E6u... .._...[\U..
                                        C:\Program Files (x86)\AutoIt3\Include\Crypt.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):27829
                                        Entropy (8bit):7.992851763729976
                                        Encrypted:true
                                        SSDEEP:768:YeXggVeXtdZ2qyadttG2+AwsFklGB2uHxeQ+JcTZ8VMxnieVWn:Y64d+GtGgafQQQGcFFxnPsn
                                        MD5:F224349B6B4A5512352C08A45C8A496E
                                        SHA1:2559C02BF5248308DAC5E66088A5CB1094DD9D9D
                                        SHA-256:2D1C28268750DB27B98AE535942FC84DBE2760276E3A7A53C28DE61D9A0E4D17
                                        SHA-512:6D0933E717D0D66A588C4E0C9F577DF9C254180E7A48BA06A5154142FDD22127ADA4E33688EA0AC1AE205DDB0D31B745971E712975FA3C9AF5256BF7DD4089F9
                                        Malicious:true
                                        Preview: &.w7.(q'..d`.>5.fC]...)..q.:.Q.:.<.[......@E.@..K..X...}.._......e.....Wf..N4d-.7......[C.\.6y.....W.......^.y8.u.3%...pHjNf........F..`,^....j.u.....8..X......*w.....mC.......6.c..8?&..+Q..}.Ue.=....DVq!5./....gX...L./x5.U.A....`A&"f lK..U&a.o........u....B....q.T.Zv.<...U.A..-33w.K.Oc#..b.........k..m2....>G..?%.X[...........h....P.<.m..........;(.qh%....."9|..oo...-S.p...[.... .......' ...A.o.%.?$.pBJnJ.p.....l;...E..'.3.v..O..5......u.WY...L+.n...G...a.}...HC....q..j..@\............$..j......vz..X&....B.*......r.'......H..B..w..>.b.(p..$....F./....X...-.../u6y#E....t...P....7.....v|..*caX....N.j.@..l.e..S...aO..#..K.j=..<.~....L@.%;.0....N/..]5Q?.vA......T.e.qN1....._W.7.v6...k.'.T......./!.X_...n(.hA.....e.....9..<uNH.&. e.L-..f.b.~$$........m..VKh........\.hO:yu[o(..K..P...AY..PS..t&....7.[..U....E........r....|.}..>...UP.].(...6Q.....TT......G..f...UUp.M.....Jr$.NZ....R.<aD...(.;\T..c...1i1.%Q,.|.>.;..G..+.......ej....5VD....
                                        C:\Program Files (x86)\AutoIt3\Include\Date.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):83418
                                        Entropy (8bit):7.9978864520950514
                                        Encrypted:true
                                        SSDEEP:1536:BKqbsWJxRpNkRE5nklhhAbjPG9Dm6vEK7Lx537FBgr6WxYX4:AYsWJhV5k5A3T6N7Lfgr6WxYo
                                        MD5:128E132F4EF9735798DE28FAF60E7AB4
                                        SHA1:5940AEA52034F390D77DA9A14BB84B619DCA64DE
                                        SHA-256:9BB02F7816B80294008B1CE7A85E9780F3E11C5BB9ED010C75650E86285AF2C3
                                        SHA-512:F252D7E5EB42476D022A32A4F4A472A5D1A325E75673982229B75207739D66FD17566705D25419382AB5AFB3DDF2A20CA499736DFDC3BD436A29483AB5C595F3
                                        Malicious:true
                                        Preview: ...w~^....E/....f..v......+..bT....."%...S.t..$.m....2....._1N.n$....n...s4(T./.u...C1.?..VG.v.. ...-.}.......^....k>....S....&.'l...(2..I.....f;....0....h.....N.v_.....z.......$..th._..hbq..0.+e.-e...T...........\%..B...r.GN..'......y..P..e.S.FW..p1B...5@.....K@.3..zq..d.xo.88..,.&...J....=..T.,..C..fFN..Q.v....OT.2k...u,#.d..dA*..<...).M.a.y....D...y..E..T.:...5.+.TE.....P...@...J.s.I....P=.x.y.=x..k.~Z.1...0...Z=....v.......1..).2..p)...,..U.9..Rg...$CT.........L.........p...............$..C..........De..+....H.n6.g{.[`'.Z,MGxL.......ZU....x....dFh.....c.v...<0.S....".3..0.0aW...!..3..)i..E...a.T.n.SJ.xc.......&.q....D..P.........yDy....@..\...<...7$.~?'f]....Z..k....F,..Xm.qu..._........ .?T..PE4U.....d...4.i.a`..6.6..m.].|..u.+.<.i6.0.......:...$\.......x.dC6.{....[K.^^g*QT...M..7Q..k..(*p.u.?uN.Nw..d..'.:\...4.Onn.C..B..^..~S%.D../..Z.ihFJev.cB...u.'w<S.....$|...Q.!.%...j.h.i..:....I....B.I..LF$..[M...........9>......,.. .]..
                                        C:\Program Files (x86)\AutoIt3\Include\DateTimeConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):7588
                                        Entropy (8bit):7.97544645474479
                                        Encrypted:false
                                        SSDEEP:192:5J10mgO0xZFG2J2VswL4dCOQw8BscRR8nfielCF7:5J10mgTTldCY8BJRRmfNO
                                        MD5:9AF7B96A67223E7C304F8BBE020D6E38
                                        SHA1:E4A0E2B9C1423DD873B1EA6EDBB8759CCB8D7A58
                                        SHA-256:66501797E5584C407A2D4115AB9D40596E781A1E09E9B46533B467748BE601F3
                                        SHA-512:F6FD39905A5337A8540D60C426BC0906E5449053A32E9B4B99047F2E7B6EBAF610A395ACD0CAA9A2FA032DF1430960B733970C6A1AD6FEFCB9253F90CD10EB0F
                                        Malicious:false
                                        Preview: :........+D...{!..0<.,..}........Q7...t.....LiU....6.`._q..(.iG%....-....Ua..8.....(..?.s).S.K......a...@@.......Y.....p.LMr.?.L|*v...=.o....F K...oA.Uf..h..e...U]P.i:I......d....d..s...J.F[..3.e"7u4..b..F.[.BW.a.$.....)c..H:..t.n..a....+.....m..O..G.k.a..P)">.x..../n.(~a.f.P..3E..@+.'.\..#..N..,.{.P..U.j(]*c@.<..S..I..8.fP....u.k....QR..C.....4H.kt,.....k.f..s..t....o..#z..x..q3&yW../B...9.5.f~i.t^..zVx..F.).:..d...W../z.].&...j...y.1..#5...A.@E.^.....ig.PU...G...=..G"....n.....S.`............$.....................M&...4d...&T.W...\,%m9..(>..5n.Q...d{.N............rR..x...V:V.=.>X....u..u..]..gZ.!.%".P.e..,....@!+....Bo.k.m...XRM..C....-.........6.....-..y.no......$p#..\.....O....)C..Q.{.-.u.,.....7.8..g...g.qL{/oJx4."7..V.<5........$(=...'..2...;.... ..^m..5.%k...Ki..;....\.sA.....+.. a...:..&.N...t...gx....0..@C.*..+..#I.......z...-]$....%G.......h@?mx........mZ./...N.E......WP...=C...o.....V....2.G.2...1 |..S..%XFZ..Dj...H{>.[...?....
                                        C:\Program Files (x86)\AutoIt3\Include\Debug.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):27420
                                        Entropy (8bit):7.993257281921818
                                        Encrypted:true
                                        SSDEEP:768:Uf90NEkqMmbUEDoihQj8RTRhm5JYVh8wgRlyU6GmZSc2:U3xbUlj8BLWXlyU6l2
                                        MD5:85A94D747EE6FF0C7C8CFAEDBE88C5B9
                                        SHA1:566869575F39CF2D955C49E7568AD88A68F4B921
                                        SHA-256:6EE42B7DFD84311A1A69BEA130F301716AE5D11B4175B1FA709A96B59879984F
                                        SHA-512:99CD1E3918F0DB54F6B943ED86CBA7CE7AC0031D2C1FD52C3C147FF0153FA47D5E74202B02622B3E5ED3064D5ACC62115EB76B53C48C1BE7CBD235AAB913A6B3
                                        Malicious:true
                                        Preview: .../.Q.'...6@q....j..-.c.Y..Ovh....yXx......>.......p..sJWt....v..=....h..D........=..........."SE...[le8e-..*.P..{..t..K}..k(1..Q.}.n...W...@......0{......B.QKAP..4...Go-...Vs../.`.......h..vV......r.*.f..#.S...Fq8.5.....5..\.F..#.L....$<...tJ..g.L.:.......1..".@]..Q.g.w......0..............?F....i._.9...".=.@.c.w.s^....5.QKq>.f).O.&-E...Z...PA.H*.......(..i..!.^D..1.^....5WJ.R.3.i..2.e........".{5....*y...`..l.^.M...D..I...^..|.{...R.D....:.:s.{....Q..Y..Zh..vz. . Z%..?T5K.YQZw.............$..i......,.Dh.V.$i...\B.{...O..x..j?3...hx......a..Y.J..y..>RC.a........'..^-?....m...-...(.}...?.Y.V...b2k:.!..e.N...\.).dJ.3A.2.6%A/....p@n...Z39x.l..l..V..m.........&q....2u..W^..k....g.V.bUn.-b..d.>uU..?.b.OB..........z. 2q.AvL$."T.....U).\#3[...h.]6.1)]"TnN..,.po..M.f.~BQ.M.V.]V]...d......;\.E.....WV....../EJ...R........sHn....F..>..-r(....7A>..1*e.q.7F.K5@WJ...L`7....k.Y.(.g.R$!.u...!.....[.[..;.y?!y..+.M........$..z..F.2c...$....J._.c."[
                                        C:\Program Files (x86)\AutoIt3\Include\DirConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1629
                                        Entropy (8bit):7.886971959860741
                                        Encrypted:false
                                        SSDEEP:24:LuaNHvRc152wKID3jjofai47G7xSXKnzBCZ6ISF1y7cox56jy+XHJzgkZxxvpo0k:81VfCLc6n4Z651y7c+5VUHJz5vpo0J7e
                                        MD5:FAFEB0A594670D1763BE6BAEAE1DD4EB
                                        SHA1:F95E9F7C8041B7E314BD47661CE389C20C4F2726
                                        SHA-256:1E812FEDEBAF2CE89AB96B2135ABF33FB32C80E768E840581F6601E7AE68B04D
                                        SHA-512:F9F3DC2A58479A5BE755521E0C9DE359EE6D24E2AC6E7045B8CE7CCF7DC3FA12CE9920B2A96E32AECE2CD5DE23958950263DDD4764D5F5AEE020BE8376FB064D
                                        Malicious:false
                                        Preview: .J....0.L.;.:2.u..&0..R.wZ=~.h......,....cT.O..._.Q...?..Rs.{_......5.8$%.#m_~t.b?...]........a.P.V...KB..'O..a)...5..N.F.._...h.B....n...Cn.Y.k..........K...!{d.....aW....]Y.n....U...V3.Iu.M<\ .=... ].....X.B.+....1..h..9.C...5.x..1...1.:\.;]...F4..1_i.b.O.H.H.8[.J.....M...........5.#y..w..5'..y.5....%......g.TF...*......p]..A.J.K.o..|e&..E. ...}c:E.}...b;.j...:xA@. ..|.z\....u'1....M].xHa]..%.....[.s......?7r....$.9...2..{.T....q<..q...L_...."..]x.G.B.]..R.S.....*..J.......l.EP...o............$.G........|.......:......B.S....zM.ge...o.Wp.hi.+......(D........a....z.....']...*../...L.P?...r.=.SR.J,..VT.1.'..3..2/0A.b'..I....,.j.6.....~T.!-...../..x..uD... G..b.UwQLfh..#...:G.L.J3....uV...g.I...T....`D..t.,O.Q$dl.....#..)I.....z..|_..v9Y..T..\..W.;b{.....!..Tl{..A.......>....u..X....`V...*.s...o...oQ....V.-..4.....{...T#.c1.C.]...........%. ..I.t...aA0.o.e..,.\..=m.R....S...0B.."`s}e.....z)..sOhn...r.Q....>.U.......D..3..>.]..r.^...R.
                                        C:\Program Files (x86)\AutoIt3\Include\EditConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5368
                                        Entropy (8bit):7.96517084058468
                                        Encrypted:false
                                        SSDEEP:96:+R9xfWKFy/CTe0LG8HRKBckLNOxp80BJ6cmdzK9ljupsslXSduguab2OWTtLan1h:w9Fxe0LG8xOrBOxplr6cqK9ljuiswhuK
                                        MD5:E324933C09DDFA3D99168AAFC907ECE7
                                        SHA1:96667CFEB027E2ACB3FF9F40AA0B88F2A7C7B50B
                                        SHA-256:214CCFCCCC1D2744E7034F4432900DC135BEC60588AA64552BE461550A567045
                                        SHA-512:DFDE8F62093C6513FB7F4D73C369BE50D1A4495D84A084257EC4A2B93642CEED282106842D6BA28F88F5484D4223A16A65B528A0C5E085354DFCDC476BF8A00E
                                        Malicious:false
                                        Preview: .-.?......'.B.....r.H....].u.c;....'0.2.d.p..%.j7W.+~.C.cu..`..Q].~296?..S...P..fMQ......3..)F.....R..(.. .,}b..Y......VR.&....4...#....D........}.h.}T..l..}. .w..e.m"f88...Nv.t....T./RB....).C..-...$eC\.A..~o..A.D.[.1]..P.YC\.l. ......zg..Q...n....+...........-}.{....)..<{/m.....Q./!.,.Z..E.I..?..`.@6."!{D.q1D..EJMb...L..........%\.e..M...v{os%D.<...u....h..{N..hy..2n.-.....m:...}$wQ..f..|.5a..#f..s]..u..a..s}x.0..~t.C/.B.0.J.....yH.TP./.`.AnrvEd.....K.O.g&.....1.X.)....~... .J..9.............$.........o..7.nV-:.O.k..L....0H.r..%...k...B./L..yi.......M...](..vg....w..!.p..q.O..3#...pj..;.W..w6)/.......1...."......W.......1l .V...ex...gj..7.f.S.I....YW..........Y.5..[...1....xA..m.z?dY.x7.5A.P.P bB...jbU}.e.....@..`...9PO..T.C.I6.Eih7u$.............I...;.....B.:.{q....?A8..j!...,.Vh.[.@.E.:....\.*.,..P...\._xvt%....7.Oc...{.......u>...Yx.9,~.Q...z.iI..v..k..E.V.h..-.3~8e<I.......<.6.\&..;..(%....y;`.Lt.Q....bx8Q....vt.}.Fy.b..1E.#D.`.
                                        C:\Program Files (x86)\AutoIt3\Include\EventLog.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):32262
                                        Entropy (8bit):7.994416454650402
                                        Encrypted:true
                                        SSDEEP:768:sXkq5T0vrXs+/9THqNuNDj6zO2/6pe3yFPe6WsUDfpqDpqrjkZR1Tj7nV:sXkq58s+/9TkEFGs4fgD4v81TjZ
                                        MD5:24BDCF281B5E3EE41F3DC9B379554058
                                        SHA1:8A4F8C69EE14CAC9B4AE5A6E0CDE17FC73F29FA0
                                        SHA-256:6AB50968E5ED4069A750FDB94A4C8E055792AC0DFEE8F3FE6C89A266B1E67358
                                        SHA-512:F6A933B9B6E7B41F04B5129E7EBDF5A0BFB8F2455B84E6BE4B7456D6EDC5118EE7DE83BD52CB4DCE0FFD29DD0E8D4C1400CFF5208CB624A0AC0EEB772F4797C2
                                        Malicious:true
                                        Preview: ~..Kl.Y..D.NgP! ....].I.>.%..my..?.R...N..o4.....5....g.,..............'.0.....p&.q3..A....n.\..mm....9..`{%=......(..Houn....G..N..Z.,.;C...!...oZ bo...^......%..>x.7;..P..#.cL.]...b4.Q.\..#..0O' .....\.P.Q..'.?....o.....k.h+rX.t<.I.!..o.8w..l.......y..ZV.f..e...OX....A......43.n2...k.}^>....c...[.%........[.OB.m<..{...<....d.k..j..wxsY.&@.....(Q.W.[.K.W...uP.q...W..N`A.....n.h...G|..MW.n..T^...\....L.M..z?1.W..aF8..4........o..?.`...2..xem.b|.|...........O_.a..-d.\............$..{.......P.{I.]...Jy........F{p7..?.:............3..'[J..S.&.Id#.B....7.....k-..........8....|.Ff.9...64."@......./QO.. O..4.fk..G..c.x..z..........I6.$s{...a......:..=!..%t).,~.....S.C.It@.d.....6^..T.`_T..L!.[...*...Ir./..l>.2.. ;bR...F..7..M...?..S.....[..pD.......`...f...u.k.m..C._.....y..' ...\.M............w(...._..Q:...6Z3....#.....6I...c9....=...'e.Z.K.Vfw...,..../..*...R.v?....-...Gb..........}_.Z..}z2G...i.~*jT\..Mg=..*..!.xjn...b...
                                        C:\Program Files (x86)\AutoIt3\Include\Excel.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):58023
                                        Entropy (8bit):7.996726431157712
                                        Encrypted:true
                                        SSDEEP:1536:nxieDwWonq10U/VZEhKVXO2S7uZjMqHP/dISqCs:/DAqyUjNOt7yjVv/d6Cs
                                        MD5:C771F2ABA9D028EB3856B2F83B24309D
                                        SHA1:24FEDF4A348274432B454CE5BE991C45AFA65B3C
                                        SHA-256:F385FE4200FE79190C369411F3164FD8E7BD9127FCE1BEE6A9D1267A0D254B83
                                        SHA-512:F249E17878D0B5F65B03E37EF623EA1DD5ECF8E8F80E8CF17082598AF8A578A13F807D99DD37A8500CFF855F971D873109B36995603A44CF7F57428901E8D93A
                                        Malicious:true
                                        Preview: ....$.y..........}.6..y..,I.........Y...F0....O.c&.C...^.......=......`..............7yYM..b."..{.l..(.dMsQ...s;.XB..C.mV8..~.Ac....a..s.."V...-....E...Hc..c.G....i.>...G....2.^>.......W`S.t..E....v..B.G.@.:.).0......O.BE.e..f....2>Ga./3.....NL.7.';.9c.W'...e..._.].e.........$.Z6..C.6o........%...TC;M.;.3.....E.`.{.ZcLJ.....OZ.]\...#Z...l....QH.KzQ....'K...%Wd.%U5..[;..l.]S..6.....kB"....G....5'6e......s...8.?.......r1A.o.........I.$..X.`u..{..-L.-..W...p'...d..I..&qf~.g.4u..<....c............$.........v.S|C..&.._5..~z......*..(../1d...#m...9.^d.....o..|..pv_.S.q.X).}.t#..H..O.r..j..JsX.;`g.L..@..]..t{T<i..A...^|.Mw.....,...6jSi....;q....o.>....[...%y.;.....(.X...2s...K....-...2......QB(...\.G..x0..b...*^..g..I..w.8.....%e.K.w../ml....,...........g.h....p..c..}(k.I..Wv.?.T.KV..,x....~0.....{..5...N.?%..&........B.....A...l5|Cl.:)..u.9...&...R.=.bq.I..... ....nri...,u...:..?..G..Cn.X.....81.T...FOW,ts...[tX.&..v....M.........
                                        C:\Program Files (x86)\AutoIt3\Include\ExcelConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):20151
                                        Entropy (8bit):7.990375027131788
                                        Encrypted:true
                                        SSDEEP:384:uSwbQJaNgQm786TEK3bH4z/Gy1G4S9lu5CrPw1nOEaT4GQr1W7Z4okUFLBo/CWz9:aDuQmPTEKrHeu59luMrYbaTTQr07Kor6
                                        MD5:2BBEB63F058183CF3B349A3D8C99A6A1
                                        SHA1:45C25F06F954ED1A30DFD54FA0C401780EE15635
                                        SHA-256:980782110E3647E075A50320202BD8C8D09F9A05A91729667BA843ED5FD34F65
                                        SHA-512:DC8BCDA71F1325E7033E0200B4BC8885D3769246626CFF67186A5017DD126B47ED6ACD6C85C3A2F16C3DE4E03799CBCC30D73EED5E51B5A70F5613BFE29E3816
                                        Malicious:true
                                        Preview: d..[A.-..!-..^...uL...%......e.J...JvO.;....w..........\..m3.|....n..Y..@......<.y..Q.&.)(..U.N+c.:.~W.+_7..`.]..c...q....2..0`c+a.].:...Qo.U.1....NMT.00...".r..5.....N.9.s......(A.:.dhx.f...x....E..ss....C_4B...q...!..h.`....7.3....niia...^.&.m..J....~...\..........f..5 E.~....#..v3M../..1.+}}.2;\........f.#Cq..1........w...TI.g;.D..6.C<#.O^..i[0sVM.......e>`....s<.F.nw.J..I.c.....\..t..?.#..S.gO/Z}..#.3*.VS....sg9x..~z0=....4.....%cy.MB.yvt7]..zTb..~4X>.....:...c..........J:A.../..'..d,............$..L.........f].u.J....p$........K.*.6.S.L!_......U/m.=.^..#P........&...$4(...=r..Z..Q&P.....z..db.s7..aQ.h....[...e.F#..o..:.(6!....2...1.z....6v...f_...jd...@.`n..0.>.yv.....3a.:.k9.J..(... ..........s..B./.R.1'..'..(;.........2.`-..u...p ...%:...-...n6G`L....iiBo.j.fA.g(@#...B>?.t=.$\.....9..Lv..'....:^.....>s}..W.v..C..U.......yT...pb..7.vt...Y(.....e.{..E.O..48...z..`.V}.....R..3.._...K..Qb.w#.1...QU".q.&.7+x..."..i.Y..d._B./.LUL.t.......{*
                                        C:\Program Files (x86)\AutoIt3\Include\FTPEx.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):46136
                                        Entropy (8bit):7.995696660333499
                                        Encrypted:true
                                        SSDEEP:768:vDvuSlXtoCfYOyXScD6J2UG4+EITkoRBP8xhKyD3wvNJxQhPEuYkzGb78:rvflXuCQNXSC6J9DNIk4PkKyMqMuF6A
                                        MD5:DBB19A7721A9358AAC013F87E3DF0F8F
                                        SHA1:B6670BE8925C5E4020A873C373D98CF1AA196FA7
                                        SHA-256:49AD5BC0CAF60749E441505779D8B6DAA90EEFEF6EA121861FA9A4FFE72DE215
                                        SHA-512:8FE3D1B4513D846F7237B6BABEF61ED380854E83E4649DA695284140E1A32E8FA1285AD92B43A2B9C6D589CE241E6D97E784669CED94760FFCC1B30EF324D9BD
                                        Malicious:true
                                        Preview: .;y...i.+.......=.Z......+..i..M'......lY._.=1C..yjz..c.3.?h..I.ZV...A....+2.`.m..........F.%wx...ko..?Ma..6....4TK_T.t..6DsNV8l....E./i.$...1.~.>..#..S|Q?vge0..y...K.......AR,..R..z#.'.%,..<..d...gl.B...../..{1 .......+.........A<.Ev...>..-...u..-##M..s.......TX~.N...{.6...@O.h.9..0.2..&[e..u.5..U.....zQb....!.fA...9...G./..J..T..eAIJ...C...."xA+..{g.%..7E6U~0..&...O"......3.."H.F .T.s'.x.zh..uA...`n.7......ox.P#..;s.CCb.`*.HX.<.i.n....'z~....Z..'....!...w.!....].F.+....#..B.xC...............$."......./v...U8e.Li.1...3........Z.H..V<x.|....62..u.V3...o.L.%.c.F.-..W3....w../|.+...|NJ......mQ.5..F.k.q..L......~..h.`7.......Sd.^m...}...X.....AK.;.....N.:...B...*.e).O.4..1..=....5...e..Qi..}<53_I......%.h.~.R>H8...G..W....;..C....9h,...D.. ....[.+dSM!C<.Y.D,9..i...v....H......._.vV.....T.*.....>...G.$i....&..p@fr.6=..N..0.....^...)...G..aD.j.|..K.h.O..+.w.....KknM...X.<9.... ..?.e<.....P..Gtl8.}mK......../B...5..,g.<...Q.t....#K..>c.$.-.
                                        C:\Program Files (x86)\AutoIt3\Include\File.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):44488
                                        Entropy (8bit):7.995542305565684
                                        Encrypted:true
                                        SSDEEP:768:3NAcuFMwj1nPA/eAbVmwB5uZDLm2Y9tzuJUZMQPPWOtUarbpBKWDbBFBQ:dEyytIrFHCDq2UJIU+Q2qT35DbBQ
                                        MD5:614AD8406D4AACBE2692673AD7E5E62B
                                        SHA1:4D4704B75E3757D7298ECB3F12EE8D8D1ACA2947
                                        SHA-256:FFC8818C4C2BB1F9A6546CBB6AC31659DAEEF85A1BA6BB5E8DA058C71B65792B
                                        SHA-512:5FEE1F0E1BDA8CBFEB6F81BD4BFDD0D6ABCF73AC4C90572E6635E6F523E4CF1752FF0D60A4AB14DFB70F681D960B97690359D36DE65C7609401EA33DDF0EC7CD
                                        Malicious:true
                                        Preview: ...9..aM...o.=.n.....!p...(.......@MHU#../.%.Y.~.f.x 0.|4....`?......c.u^b..>.W-..R.\..Q..Hg....y....Z....md..3.E6.:.d.?Fe.n.!.":...Z.$..U.<..%.;.......6....\&..R)4.E...>@1....w...o=.$....%M{.o.O.7....?}...h.."...O...n.O..iKm....n...;..C.ps3Y..X......m@....^...UXzy...,....%x.....Q..J@Q.....z.Z......3.u.....w#=.bJU"..../.v......Tf5....S.....iv..9K...^..#x.._L}M.C.1....#.V..^.'7...0.sR3...}.CWhE../..d=......C..?.^%......Z$.m..:...*...vH2@n...1.E.M.f..../}j....<.O....}R6..@L.x~VH6pA..5............$............\.....5h..<...Zuyu..=Rg.LN.XJWic...+..a..X.....O...T.A.!.J...f.5._A( ......fm....40.7.#...z..3Nfmq,>.....a.W_.u....*8.w.a..iRa.....8.N.C.!ea.TVX...Z....X>..J.L...M..e...q....y.X0.j...n......=97/.J..F.......Q.x..ow...lX./...6e....Uj.~r......q>.,....%...>c.f'..;..K.5:... .V....H..E.d.%..DP.F.....[.l._.q..5`(%..4}.yT...:^.....+6..7...;......6.bp.6...1..xFT..fF.........?.^.}............C.0.ST.oq..J....-*O.)....Pr...b.......9..6..).L.<.x~.:.
                                        C:\Program Files (x86)\AutoIt3\Include\FileConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):7215
                                        Entropy (8bit):7.9720916681187886
                                        Encrypted:false
                                        SSDEEP:96:Zb9plW7/bnBQpmefEISOmIFLzn8NQeISmfoxcO3aosiEV9vTugxnRqh3tv3MgkHN:Zb9plMTDbq9z8N6amrLusRU9vvkDOiF
                                        MD5:CA99EACFB747E7F068046E87E3E93C11
                                        SHA1:01B2D2F0E46C404C3995979F947119ACAB5BEF16
                                        SHA-256:E9556083548ADED09124556814806EF534A0224806D5F29022F96FD6DCCD6AEC
                                        SHA-512:340911309D666CF487666E53B893B27DC3CF439D7FA46B3CCCCB037C78952731FC55917E4638A5AC2112CB5CEEE5267DFD4835B43FB0F564AA539B78646476AC
                                        Malicious:false
                                        Preview: ..o.sO:........SP.C.y.......X......(..`..+;..G0..Q...+1L....P..|..`$.a.4.....B/I..N:.%g.2.,R..A..w./.?mt..z%.Y.o..GLtrw.....)v&..J..hwh...-..*&.K...C.Z..`.!.e...U.Z3...j.r..g.o..%U..2M.e............X.e.vU.bb......}...s.0.......g..U.C....6d..(w..N,..g.Gi&Fe..........p..pu.".w.5J...o...7..9G......n..N&....j....w.8-3....>......u/}.r.2..b...o..P..R%.`_...8/..q.2...+...o..t!.d~...(Ns.H.Y.O..(...*x....S.../.qR.Y.o..(..-u..E.&.....=.....X..X.....U.[....B....>.....H5...P...B.....r...=............$............9....O..............0...t1....im.2.....Isd......v{[......?...%....\....$..I.Y../...%..W....[....[.'.Hw p5.&Y%..G..../...(......HN...Z..di.u....R.I.A."...FS=.Bz.0.o.........p......N.Rpp.:.`..|.{....?.!.W.<.....b.&..,.F..c=.02.1.....[....+uX..K.Q..9l...x....$m...0/...&h........;..t.....U.n......X...s&.._k...L<j.Q9+.BD#..aH.o...u.}.'.T.b.S.D..n...!K.ua..2Cp......'.56.....h.....U......n..Z...e........\.$.&.y.{X..B.j......H.p.m.baj.p.l.."..'..8..
                                        C:\Program Files (x86)\AutoIt3\Include\FontConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4140
                                        Entropy (8bit):7.953540450389975
                                        Encrypted:false
                                        SSDEEP:96:wVbvGkM3s3xraZYGo8ouLKFjuDz5xixYOuR8dH2:vk4s3UZrovIP5x6uR8dW
                                        MD5:026F9B885A639454422BAC359E2850AC
                                        SHA1:57EE18F949602A88FDC1312F4428C1B731F47B3B
                                        SHA-256:D3382A07A8E7DD5EAB802E81654FAD81C65D7303D878E05C16759E046EA6C4E1
                                        SHA-512:35CF1EFF2D911DF757C0E0FF51EB52267020E51DB7B64AE62D870F2DD0F23B860CC4D5A739F409328D6BFA981D9371F511E83EFF6E61050D9619249C0C9F4531
                                        Malicious:false
                                        Preview: ..#.u>./.Z"Us.._.}....+Mj!...i...K6...buA..].K......./E. ..~...95^<YW........!.7m.0g..]Ux.....N5.Ms...<..Kx..{...E6DH%...q.....k.a..c.....T7.AE.....$.3I.......r.5o,......'.G..Q..v....}.)~.O?.../.W...n..D@.#.9..!(-.q.q.E.......f}2.>....q.1fN....w.(...hg.-<.K@......:... ...7.....g10..*z.......kK..k.G.f....v....5.mER^..b..).:.........>l=..p..b.A7...!|.DZT <.wO..M....(..#.)..{,....><.%"!...e..E|...#.f.I......d.\.E..<.fW./.[:A-...b....|......;.......a.?yf...@.%t.Q.=.-._4334Q.|.C'k..^l.b..N.3...|kg%b............$.........R.)......X^.....s.....K..+Z..5.gq....&....g@.3-a.....7..o.z.......y05..[..t......(2..n........Z-..R."....Z.+Z.D_a;s.R.`}).k`..<(H.......T&T.M...3.zVs+<Q.C..."i.^O......p.q..fr..n...(.O..4..1..$&.r.."..Cp.o..y......Q.:.. ...}..".......(...GLuc...~I..&i.._(D.qr.."....Wn............X.f.-1.3.......x.m.=.K. ....2+.&..../..p..q..-......qN...L.h.6..u4.cB)?..7..2i.Fb.02..U.?.u..d.C.s(.x1J.D..u........-.Pk .[...z..Oaa...B.lE....s..@o..W..J...)....9..M[
                                        C:\Program Files (x86)\AutoIt3\Include\FrameConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2602
                                        Entropy (8bit):7.918157699776251
                                        Encrypted:false
                                        SSDEEP:48:0kd8IIUgQqKyXxWR80nbIzk2HCIJsBgwlDTfPLCTJg2dF7U:0kdDIUBqlUQkETsOwZfPGTJg+Fg
                                        MD5:CDDD5932E8F2F1EA57F55F409FF6AFA0
                                        SHA1:AB245AA22A6A8929BB179D4663DC186610B69EC2
                                        SHA-256:A202B9B5924B422069577887B849C477CCD74D2B2863FDDB4A9C5753B7B140BD
                                        SHA-512:D402C7655D28C88F73ED0BA654C909D99888100FA7360B8E9E2727D44142E35FE7052774836EA53BF44C90346DD418976C5B13AAFBC57BAB46D2A39C99586A6F
                                        Malicious:false
                                        Preview: .......?.p...k\.j.....;r....C.`.Z.....^,2..}...x,..p.;.U.u+d/..uH..qN..w.Dy].&..Xv..*..s.o....=SE.:...(0@q*.....Y.S........7..6..2W.......ZP8.+..0Q8`..........H7.|.c.K.6x.y.'...9..^.....s.M......"8....R...=.=N...F.A...Y.....=2..)7......W...V).^...0...c.)s.mQ.....Q.#..G.C.c|.c}?w's..2..=V.lsF..t..5u.<....t!v.&.eS..e,..Z...~.....c...<.'I......(.....8b|Y.T..[?..92bik1.I.B.,.=.@.5..8H......uQ..n.j!...;..V...mz..g/4......|.f(.Q.;.gC...v..M.8.?W...zA.+b.W;.M...5.........).1.)+.E..p|............$..........`.j[....._U.LM..^0U..A..;._.4...>c..>'.QI.3.z..e{..~<..!....P.i<. ..F.\5..".r-].n....o<.H`.~..O.l....C....X.A>z.?"......l..Z...5H..9.-..n..7.Y........7...EZi.......K@M.9Cd.y.N....h..G..'._x.7.vj..H.o...E..g.......'* 0[.0@.....\y..|%...H.E..7.....*..8.}.F...E.i4..Q...G......1O9D.y..A...#.@.{.tv..6"...>F...,..2.3`\..oO...s.....q..u.u9.(.{*...6..HR..>..L.....HRM..!.I...O.s..<.o:E......p.....k..'.;.T.hl..,<5.,./..1...fF..)+BRf@.X.x.*r..>cS7 .
                                        C:\Program Files (x86)\AutoIt3\Include\GDIPlus.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):305355
                                        Entropy (8bit):7.999432736063217
                                        Encrypted:true
                                        SSDEEP:6144:PIl5ZiRZLW0Mk8lNWx9IBn0AL/OmhdMf/empw4sela11SJexuz7MIUI+A:gHe7MkAiIFOmhl7qlhV3MIUTA
                                        MD5:316A4A024935CD78BCA7E38785674485
                                        SHA1:910A81C40986687461E765591218A52E0F2FB125
                                        SHA-256:7A25F4A4AE54C4D2631FD6C756D8D7E10A687FA96E0646D3B63FFE7ADFA28433
                                        SHA-512:BB723E94AA221F43A89F5EB86402FCB6DBCF8E031BDE0179C6D88E21E4A3AD77E95BA6ECBCEC986796B5226699BF9CFDD245A1BEE8E0291AB752E8786CCAEC68
                                        Malicious:true
                                        Preview: U.DB.`....ZE&B.k.`..........Oj......Nw.....O(.^{..hW(.`....$...>.&w..-.52.kY.pYn....*.A..*....8....]b".z.....L.r........z'...F_]`|L..`.:..*..K.gz..k...|..$.j{.,Oz`....M9...0Hr*......(d.^..EY.T.....h>.-.....Pg/.t..N..P..LWD..c.7P..<....p..).x.........a&..s..%{....fp_%....LC...z.?.X.....E.Ck...M.......w....6.yT.....6.W...^.B..2L.9p........xRM3.c...;...W..h).....Xpe..(....6j..n.E.C....~5....s.r7.y.;!..L..DC.Y.JA.#.bsd[../.T9.9....$...R......_.U....:.]..#tE.k.y~1..`...~... 2..P...............$...........R.f.c-...7....^..;....T..e.........}a.Tvj.C.. K*V.ZQ..N..lx.....v.5.y....,.3......P.{QwDlYG`!....N...".<..X....+x...5.&[m.6..ET.au$B..5......qo..Jt.......;.....b?iM>......r/IW..8.\._r......S.......j2..&z.G.......%.Vk..".e}.2.mW.F,1i.*.hk..7r..@..Y..GCY!...1.2...%P.i........=.7....{.....>.......C0.3.D.. y.0.....>..C........i.rX..lS...r.pa...w...&..E..X.j....A....2.i......M....bk.[|..R....#>9.i....cm.^@5.u....K.....j>p.z8.QH.
                                        C:\Program Files (x86)\AutoIt3\Include\GDIPlusConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):28567
                                        Entropy (8bit):7.993602226425774
                                        Encrypted:true
                                        SSDEEP:768:9p14i1rnNb/Zd+AP4onjZ0PZLPsqxZ/5+0IHXy:9f1+UhaPZLPso7Yy
                                        MD5:383B59FD9966FBAFBD33529246B44164
                                        SHA1:64EE248E452C102818BFA5FB01514FAB47B45459
                                        SHA-256:11E20418C8A80FE4CC439999F7C65FE9CAC4452902F53F9A9FC77BB219D5E573
                                        SHA-512:63B4A6518C04FEA5F631F3F0FB80FE7719ECAE795F16C0B7661440C8836A197ABAA375C58D2945E1E64664B274E3A9A7D8402AFE2376D0ABB9F042C6C320EFC4
                                        Malicious:true
                                        Preview: ......7.Pf4K.l.F.f...P@.I......W,"...2d.....M.....)U...z.1.~...}].....~..%.G..W.O.n...CW../n*.Jl.2D..h@{c#......*.).'.....ciX.X..8.$.'...+8..,.{....zx....G,c..Q.&R....&...oad.p..b....)...k1....n....R.<\uK6?.y......../9>..t....2..9.lR....(.M..sK..?+.....*.(..dn.[.":.8..aO;U..B.js..\K..tE...p'.....:....W.D....v.d.cE...>..*mW."..G.b....M.x..^....n.^.c.q<....4.B...0.k.rj..+..........m.Wk.....+...%.4..K..Tv...N.b@h..Y2>...c...3c...^1.U..F[....=..W...^...|F.m4.c+.....>x.J.|o...jt...T1..............$..m......O.....KQH.MN...ljv..G.....z........_....k..jB..........G....% B..B......6.7X"..n.*...@.J.I.Y.=.JK.6.d....`0Mh{C/......s.Q65bF?S....1...Yi.AN.....^.6<..F)..1...K..|f...0].Ef7u...g.|N...k.R.....2.m[b.S.f|*.q..#...Bq..3.....:_m.J.......R.pi.......ob..'.46.]..+.#....6.A.6..(...O=..w...$..d@.Z.....X);..{..7~......1.,_..{.....n.Lj.....BB...,.f.1j..7...9.YeK...9.............R.E.x..T....:..KbF*.Z.R.....0..Vp........".........r7qKH....AR.o.V.......\..
                                        C:\Program Files (x86)\AutoIt3\Include\GUIConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1543
                                        Entropy (8bit):7.844173428681921
                                        Encrypted:false
                                        SSDEEP:24:A8LynK5icc+68fygQpuofGNOAYApsRHTMebAsnBpXyUiCM8wknINYV2zWnLJLn9s:AQgMygbLs+p4HTMA/n9iKwkV2w9+DaM
                                        MD5:CA0A827BA690C5774DD453CC134268FC
                                        SHA1:493E8D24B5E742DCA7C525A7308CE8734611AA48
                                        SHA-256:594DFC0767E351496510EADD859A4D07C74174A1C01B7E673E464FF0ED4A1553
                                        SHA-512:AFF14801D3AFE3BADAB750139681ECD66E08049F19AAB5F75FE0EFA7A8FE5D573E96D373297C07F0FDA7BCB020ACC01B88156AC308E1EB59B873BDEC05B06261
                                        Malicious:false
                                        Preview: .2....D.........u.....-....Y7.g....E...-5....|..9.M...B..%...4._T...9&.l.f.....q.<...6.\..O...q..W..c....R2..N.../...-.0....7......;.{.A.F.`..J..Z7.6Be(ZW{.:....Hc8.4..2...}X.....,....B.!.......%F}."/..+e..U..R,.K....^U.....$.Gw<..C..*..s......A...S..Ue.o..#.*.M/..H.6g~*.;F4....z......M..9...t..9.@d6]..y`9kuT.y.....Q....`..U...y5Naw!.;*n..v....D._...0..x2..@4n..^.J.3s..M...@iu...m.\fY...f.....%...H&`W7o..o~"j. j..ni..........3.!....W..K.c.B.F.RQX...../1._(..oM.eMX...X..o./.JJ............$..........Uo..h.o.......&...7X.aCHm 6o.,.Xd~...5.;.|.{..p...9.c]...xd...VG.#.X*.W.~.`T./M.(..G....t..V.g...z,...%....I....z.m.]Y....(...]d..4.....8R...,BJ...!..#j..V{@.Z..........,.CKi.*....W..2....z'..8.....'...tIg....l...Mv.c....,.x|.k..(.../......g...K ...K,........F.$`Gf..z#. ........1p.=D.p........K..A....LX9.L...&.%..i0..G...5+`....o..!.0.%(1q5..^...Y...F.....[/!..X8w...-......K...5.\...O.....A......EJ."./*.*p.oJ]$...^...;....,.............'...:.
                                        C:\Program Files (x86)\AutoIt3\Include\GUIConstantsEx.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:Dyalog APL version 146.62
                                        Category:dropped
                                        Size (bytes):4583
                                        Entropy (8bit):7.954666069305958
                                        Encrypted:false
                                        SSDEEP:96:JlYvVWJFHxIxFAg+1N+jvLAOrOxhXOWO4V46sD:X6VgcxFAPNyNSxhtOGuD
                                        MD5:F1FAC695B67026922DADB1B9196C8919
                                        SHA1:18F7C34B2FF3866B5DB09A10EA865A94E03A7A34
                                        SHA-256:B8935EA66C19786B9DE2E92ECD23B04B1D1D1D33F1588B613B666AB5C974AEF5
                                        SHA-512:B6AD983BBB883D2C3781A170302C0F0E5E153978ECFB19492B387FA5AE20A99871883E1251E1E8014F461470B89F1C023FDE4F7D3D97AF2E86E155EC9076E0AF
                                        Malicious:false
                                        Preview: ...>..L..bbu.9.%L..y...vQo..4.6..|U.D...a...N.z....S..w.p.LAd....C.....i..~C0a..|K....AT...S4K.... S*..3........'.}.....+.t.. `..\}a.P....1.G.W....R.V.'.tSIJ.uuF.k3.......m.O.xE:~s....CA..1...[.}w6.9..+.`lv.$l..0Z;.....8x.QNZRH.'...n.....+..v.......po..$..p....m.l..}..Mf).kFR.M.NYN>I.......X....l.3....t.s.>.V.r(q}..........N.H'.?.l...{...w Vg..v...j,..a.C`...E.uX........1.,-...+(...g6.7@E..PDm....CT..p.^rV..Q./|q..\....x.f...T#...y.Gky.."%~H..E...<..G..;...T.B.kvd...*.M..LM.[....f..9.............$.............&..j..7.%.u.M.K..D...]......k)VA..B..E2}p.!...rn.N.eN........).. 9R..U....=&(.Z.sE....,........`.."..%........p?.-2..t5...!:....)e8.c.S.[..Xr5....2.i_.~J..p...z.y..@...=..G{.<~...f.....a9..h._.....8..P.E..5"..IaF....l..p.YI..44rE7GD'..(C.....{...A..W.9u.d.@..9...s./.k.bud.Te.....J.h.1..MQ.r.C.Z.....x..ny...0..*...&KfY..h......<...j..^o......9.. .r..r...I./<..GY...f..8....R.A.H}...;...S......w...S4.............P.6g.@...`..V........C..
                                        C:\Program Files (x86)\AutoIt3\Include\GuiAVI.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):11784
                                        Entropy (8bit):7.981731356091864
                                        Encrypted:false
                                        SSDEEP:192:KVt9r5MWf1nhZENeujaDxgtQdBOTjP03ZV7Nu0Ufo0YeXBoNRJYwdJaqkT5:KVHKghGMuGFo9n0V7Nu0qo0YlN/JG1
                                        MD5:8DCFCB3756E12858598E3263171490DA
                                        SHA1:F723F4B917F84A2CC6BE58B68E18E4C37270C5C4
                                        SHA-256:8A0EC1ECE308AD49E3935E77A39BBCAC05BB213520E785D7AAC6907BB45B3C21
                                        SHA-512:1F943B4CEFB2EEF73EFA2F721A1CCD18E076625036E35ACFD1D4D120E8878470126DAE3421523461087C0EDEC3A4C735F012C9DAB0918DD5DC9303D16D6888C7
                                        Malicious:false
                                        Preview: ....:9.k..W(..d;wU..t....D,]....R.nG;l....(_..i../....E[.N.A.........R.....<....&/."*v..:Z&........,c.^,..Yz.j.U...M9..[....#........kd..A.(2.3{.....P....Q.&.hB........jdd...&....gF.9...g..J.&.....h/`.(.o....es$.V.c.p...s....C.... .mE.....&.{.V.i.f[.\.0...X.7V.d..._....a...a..m..Hnf..*.....<.(....B...$F..t..e.&p.dm.......A1....l.*.}++k..L.$g5./'.>....z...p..HW...n<......5..j.g.8,.+...4...Vw}m....5.....p'4..n..2.....nE..A....194.%....i.....e.G._{...g...k..:@T.D...f..;.....b.d.....H.............$..+.......&.....}..e0...G....h....."t..Ko.Q"MQ.>$4.W..x4.........$.....",.27..DP..S.e....6n.....L.Gv.z.QUr........8.o?..G...f.0#.(.......v...G.q..M4.{..+$I.N.T...b..y.B..7N...Y.d 4j...kJZ...|.o.!..&?-*.....>.j.z?.....Cy.s...M.3...'..a...v..".. .PHL.)..Ie_2..U.B.h.5}.V....j.D..l.@>"r...;....s".a..:...QW.k.........A...F|......2.3FW........M.Y._/fk.@.]...D......dH..u.&I..bWL.:...PW..M...,n..B7.h..;o_.......+..>q.W..A.Wm..mH.?.(.......m. .t.a.iZ....7.
                                        C:\Program Files (x86)\AutoIt3\Include\GuiButton.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):29027
                                        Entropy (8bit):7.994261519866533
                                        Encrypted:true
                                        SSDEEP:768:T7kZR58iMdqI0YC5KRst2gNZHSWe5Gr/pwL45ik98r:/kZR5HV4YRbHSWe5GbpOsV8r
                                        MD5:98349E8B6A3B7E8862A4951A7A94A380
                                        SHA1:812520F9FA648567A8013012D5342CBF18EDE7BD
                                        SHA-256:CCF0BA95C8D563CFF86FD2D1086CF888755217E8E6ABB2CA05000D1BF6AC680A
                                        SHA-512:92B8E6EAB94165BBB33A2FAF1BF143444585DB2359C09973AE41D6E4552DA502F9B774FBC44B191621882A915BBD10041440908B6B9AE8F96EEA13B65F5F9A39
                                        Malicious:true
                                        Preview: .H..0.'..B).L3.....WY.:y....#~...V...NP.c...B.F.,>ZH...j....I.]S...6..hB..Q.F..:s*.6>..d..I...~3..^..r.cuC.N......8...+...K...$"k.yY]Qh.....`;..7..!.Eb.p.H(.j..j...;.:..NsS.y..'..T .$..........8....XB.......]R.rBKT*.~...7....L...........Q..y..\>;9.....0b{".....<+..>d#*;..1..%...X7.....|f..d(......f....x...8.U...../P.Y%.(.~..6F.......R<..#..|..4.:.....#oxc.Px.=.....J...hA.ap.w..h....6...Z...=.R..T.L\1....k.S.).P......7......'.Dm...G.xE.&.b....S...aW..bu.y.3.lbD...,kl.......y..W..$Ed>..17............$.Mo..........X1...8...E.I}W<3.2..y.q.#.;.....C,:S...u..~h...z|7..c..Y.{.1.S....$K.0X.......Td-.3.Xt.f....@.)v .B..>CA.....-.ebt..%.)..._B1^.._\.@...x...t..h...*..Y......\.;.....g.L.....o.|...^.f.:;P.."rf...........7..ur..>'....R../.o.wB^.M5].p...H...._KF.<.9...#.]..e.>Cdr.........).?.m%..M?.....ru..R.\....r.......y.n.hT.+.G..L.]f....@..}Qt.]k...X..v........yp....x...w..S........nE..1.?.........D..../..'M..T...a..x$......R....h`../.G.>.d.V...'
                                        C:\Program Files (x86)\AutoIt3\Include\GuiComboBox.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):42159
                                        Entropy (8bit):7.995329587983423
                                        Encrypted:true
                                        SSDEEP:768:MGPJl4pMQ5wcvMSnezZfQPhKr6umADoBUepTvcBWycBqegqpfYxQoK+QHVmuJI:MGPUMzZfQPhKNs++04jBqegqlCKL1mb
                                        MD5:2540B24D7B2D8E4118DBC773996851AB
                                        SHA1:640A21B2ADACF6265A0A615E8153F6593684BD21
                                        SHA-256:EEF4EF78C265C525B5AA56935CF400D98F76D5DBDAC0836191B484205C3E1AD6
                                        SHA-512:AEB31C9335004CE88732274BD8801C60FA1D50F6F68615C9DD8F993479593F53737119DE5EED894A94290179EB0EB7F1CA5DF254C5EC635D86ADB4A10D725D89
                                        Malicious:true
                                        Preview: oa...}..b.!.VBHUz*2.%.-..D.u...A..,.N....s..nL.<.....K..+p5.7+....B....XnP...*H~......`....Ea...X.W.....iF..u>.n[k....-.x.2.......*$.Kg..[...mQ..Z].........C.kZE:...._..T3#.}.6.d.*......#..!J.-:giCf..(f..!*x.}8.E`..&.GP9.=....S9.......+........<.o).ZmQ7..,..I...]L.B.....dF...X o..,....j...}..Nf..0.B..<..\....m..R..\...4...O.J..+.o[..Fm.3.....Hm.@...|.*e.Mox.6...C.}....CK.4.l2..w.C.%....b(..pm.U......V..........|..4.;9.U.B.........Lv..*...cS.......<.c....P...0...K.*}....?...............$.........x...i...........I.....rlH..7..@..0 ....0............w.B.tS.$).V........&.;Nf..R(.n8{W..+..M&S...H:.....6).....`8....N.9#{...|.`..C..P....$"F.....|;._'k....z../DW.@..au.......V.R......C<]..3....wi5w........rr.~.".RH....?\.}.g..q..T.u....(.h..ym..q.5...~.z.5.....T...p...ts......c....n.I.....m.o.".%_#.....m& V...-..4.......d..Q..!-.B..r..=..z.t..3.u8..%.D....v..UC.JF.w.%y...m.._..Z...}_.=;T8b.)..._>..v.......U!Q.....?...p..uy>.+7.g/g?|
                                        C:\Program Files (x86)\AutoIt3\Include\GuiComboBoxEx.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):49871
                                        Entropy (8bit):7.995446790209237
                                        Encrypted:true
                                        SSDEEP:1536:DnCwJp4HdifxSgxZiQc65iG8pcjFbznDlW1u88:NJp4HdCgh6oL+bbDlWor
                                        MD5:4AAF0D9EC5A5F7C9D4A49E0F68226FAC
                                        SHA1:A81D39D913FDD36A7CEB3CAC75481A2562DDEB61
                                        SHA-256:8AC7C657B214F401DD273273B0A84C7EE489A35AAFA8FFBC56297260B6CBF164
                                        SHA-512:76F5BE44218384188FBE34DF4641B16FD5F8D8AB9878C7752F3B13692EC3218237289C05C573C66A496F75E68570A74621E6FC5E509DEEE316FDD23F7538A63C
                                        Malicious:true
                                        Preview: ..........h..YGT.......Qv....b...t#..[e.X................$..YD....Xo.!K...@.}%..(+.....p...r^....O.]A.)...4*_x....9..^.:.,.....k..c@..*C.m........aC.-..=,...!b.9r...&.@.why...>.2......&...-}.q..#... O...m.=<.dV_D..^s......dK...ek....k......7.rR.n.k(..Py.....?R.b..s.....~...<\...G..F.0....P.h...R.........GKJz...l..U..e.(1@f?.......R...j9jG.."..11iP.@.1N..0sJ.,n..F]L.o.N...'|oh.<..i%.......@....:5S..Pqg*..pG.N..[..1....}|...I.ofi:..J........A~. {.M.?. .....K....(.V0.U.^.r."i............$..........M....".o2..,..UR9..@o..kZ..*.Aqc.v.z..r.h..Jp..x({NR.......S..'.....H.j..7..V[...PCX......\.%...]gk.+.<....$N..(c.I..1>r..aX...U\.d]}]..[.a...v.H.t..l..G..7.H./E....H^_([..t...vG,...c`.d...M.....3...yjZ.j&5a.9e.[.. ..w...8.j.~..5........M.T..Z)...s.>..W.>..bP....o]w....i.....H.k.E.0...j....jI.E..|.>..\.....#;\..3.J.m.A.*9h.......U..U/..E2.U=~....VkM..6nw.d..m^..W.a...#.g.......%5....S..|"......n........_'+...9.i...3.+.O..z..@Y6a7.B.
                                        C:\Program Files (x86)\AutoIt3\Include\GuiDateTimePicker.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):16077
                                        Entropy (8bit):7.987931165671544
                                        Encrypted:false
                                        SSDEEP:384:6vw1g5ho8ff2slsm8/rZH1/yzqSGG/VBZTRVemRpWlZ8M:6vIgDS5rZH8dGG/HZTa2pWIM
                                        MD5:2F51D55DB9850A3D8B512798857C7A76
                                        SHA1:526A9FC1C4FF544949999FDFCCCE7FC87C2BD25A
                                        SHA-256:41AAFF834DEFA2D75A9488E5BD1E73934C492E7BC19F04873B42CE4CF52B0A1E
                                        SHA-512:22C116DE080B4CDEB39FD503D9FF0EE2C5658BCC926B531773CE4F144B31DE7FBEC6D311DB6D536241E17657232B977CC5F69FC21E0C806704CB20CE686CDE54
                                        Malicious:false
                                        Preview: 9..h!.).jU6}A......UM.%....u.."....b.lR.W..e...Y3..@..........)..A..av.%....,.:P.9bb.....w{.X.......Z.q`[D.G.....b...0..]..v.].K.#..*.*.l....._.&.#......D.'.G..[~Q.sF.B...Ty6...2...P.P.PU..B.|\..pU...X.'..NC..?.~j.%*...@.;(-sr.KHL.J...GB..7`.'.._7(....E..;..h.#.n...i.}E4.sf....../...A.<...B..$y..dW..K..........~..xc.~h.5..-.nw.X...kZQ............AI0.5.w=ys.#..u...D..i..%.A,.\.....4<.......7...)....Jn.M.].H.F.a...v5......o.f.E.....I..~...:....'....mD.7S....!........x.B.. ...5e..P4.............$..<.......!].h..'?....}k_.r.6.........W./.U..R......gAw$..MB..........Y7\.3.h.'.4..b*V...............NQ..vSE..Y.]{08..4..{.Mf.$...,..Boa.C&..U#...Vv.r2F......4t.....s...;m.T+./.k.C....^...k........7Z.......1SRy..3...x .g.5..a:...o....0b&.Q..1....p_...q%3B.o+..g.u.....-..<...03s.;-.B...OZ.=....8.G..H..."@..z....]..PQ.t8..f\.{.j.To..;.A;....'L..p?..*.U.....=.>.NbKc...<.4.-.....W..p.....DN.L.._.,,s..~....t.Yq.........yk.ufCZl-......w{.....J.C|\..
                                        C:\Program Files (x86)\AutoIt3\Include\GuiEdit.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):54569
                                        Entropy (8bit):7.9967222681002275
                                        Encrypted:true
                                        SSDEEP:1536:c9tgimiu360Jr+RmFYgzOv2zC1jyNGf2l7hZNS0w+:cHgAKRJSRLLdfOrBx
                                        MD5:3DEDDA1524FA66FFFA4B05D659FCFE4C
                                        SHA1:B540F63515092C1CFB9E27438A9195651E34FF1D
                                        SHA-256:E8C3CB58D4FD9943AF764406C48894366ECD044BB589F9528ED91550F28F4D22
                                        SHA-512:948DF7949F1592EE7B5C8141FDE062DB9FC211AA87C0D409572CA028F6889B8E0B486E163FF32F2473BD0288024FC6AE80C8634E056E3592622BED17D9D85144
                                        Malicious:true
                                        Preview: .f5x-._M...Z.j..o'....F.Ah.7!..=..W.;YT|.:.PuK....Jg.M..YKYw'..Q.....Z.....c>-:Z....7.v...v.....0.....@.......6.Rk....v.'.H.f...d[...zr4..5R.Y1.0........R_+Q....G..]......s...%..1.(..+.}.Oi......Z.x>...a.&......{..p.....i.......b6...^..%-.j.i.2cd.....sf..|....pX...*...U,....;zh......&..t........g:.vR.O?..R.....NM.L.........iE.....A..W.b.C.^.6(j...*L_.Y.6......0..u.=.%...Jj.pO(..U...h)?.W.l9?2..`p.?y........x.....O>;..R;s.....m.$....tb...b...)"...;PP.").K..q.....n...#.N.IL"W5.|\c...............$.............\.s..+.B.D..d}Wq._..gC]..f....fv.)8\C.Q..4..n#..`..._?..[...-.r_z.G....N#u.bfD..t...Wxc...VN.Z.U.P..$.l...4.T7.......*.."...w....PR..wG3.. .B......&"z.u7..]cYm..l."..../L*.?..w.:".UU.t.k..p.i..F!.......M.d'.f..F..+.+.,.(..]a.}gBJ...e...$..r...D.!.-..Lj..A0.gr"T,....r...6F......r....J.w....o..U0E..:...l..4.t.&. u..3=.!...^.X...+.f..a\P.-wfi..%.B.g...e.X..u~`0 a......m...\.TD..C.G...s.+.0.;....@K...Q.S:...../..#..m2..K..B'.*<.....#......
                                        C:\Program Files (x86)\AutoIt3\Include\GuiHeader.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):44839
                                        Entropy (8bit):7.996298900211163
                                        Encrypted:true
                                        SSDEEP:768:FWfFCVRJqb/06Tr9lFnKJlgH2jvwMoXj3rU0pL9p6ndj6KlV7yM9fdZXU9xGj32l:YfsVeb/06fTFnKfd7wMoXj7Zo6YIMRdu
                                        MD5:21E0704859BEC93D4E5884A3AC6BE4DC
                                        SHA1:F39ED0B5B27C3FD570A51C5FD23DC456BC0DB29B
                                        SHA-256:F21D06A7DBDB2913FF54CBF4E77FD43768ABADF22D305A3FDFED5E2716266ABB
                                        SHA-512:1ABE5D1C5DA2701CDD92E3797117E800960E8472591C680155E9B0D0AE2EEECD0BDE9DD4F0C58EF45503D3F3730591C72605B648757FC7E0C27049464856F7F7
                                        Malicious:true
                                        Preview: 0V/J...]:..&.60...?`.......x+..4gx..b..P.S.Z.$gs......}.MDb.....Q.6....`Q......X.`....[a7.<-...P.5.6.....X.0.....Y......S......"7.OKQ]........5...V......Q.....=..q......}.....W..j.....#.z.U......dA......}~.v1.&.*Ck.@.;...#....2.....UA>.....7@.S[.).9...\....`..o+.(....+...........K. f$...>9..aY..n...$F.v).*./..d..0..j.....A.3T.i,........+....n..dY..W{...KQ..a.(hrh.....k.#.e".......$.....0..v5..?.....g.x.\...-Z`..".Z...,.T.^?.9hPU.ZA#..A..{...T....noF....dq$..O2~q.Q....S.A...|.^i7.q..]............$.........@p@)...T^QM<.<'.v.....D&.}.Z..C.u.}...!B.g....W.h......K?.w.aG;.0..K.."...v..AeE.ic @.....e.9..p! .'.......m ...e..M.s...>..i.`z*.sk...y&..C.EI.i. >..W.T.W....O.....&.6.I}..Po..5....9.]@...{..v.A>F......4jUf.mg.9..3F..p..pV5qT.2.a1....t.U.o.........;.v.{.....@h..I.R....X2.........W....Z.eG.;.nT...&.w..;q....0.. e.'>...su....?)...>.'..1.h.....K..:..?.....r..f.^..eT.tn9.y.....n.d....a.....(..7.1...L....4fm...05../.K.n&;..:=J..o....Ys.....
                                        C:\Program Files (x86)\AutoIt3\Include\GuiIPAddress.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):13303
                                        Entropy (8bit):7.98458965054847
                                        Encrypted:false
                                        SSDEEP:192:382CV4bPI/HEaN0GZv8ilFJV5cJTFAJtfLyHLE3a0qMhVcMGkzzXE91Kd7LAL:MGjAviGZSFg2HLzb0VcMGknE91FL
                                        MD5:45265C1288735832303B2396D779A04A
                                        SHA1:4EEAFA5264C655C874EE683F428257418045030E
                                        SHA-256:6984CF0DFEA68BBC7D6496380C348379F4A5457FAA47288F0FDCF064D2E7ED0F
                                        SHA-512:751B9F46906AD7632BF81E75B8FD6BD57C51D19148BC48A0E4EAAA45AD84596EA58288EFFA2CA16BFF626DA4B44C5B055C0B3FD2EF17496AE722271CE82B0EF2
                                        Malicious:false
                                        Preview: .......6..4f...|z.[........Jf..eF.....(B.U.?.-.t.4.y..he .....).j..y... m...,,.`..T`....E..S.mcA...Q.e.q..#..0....b.7...B.J...9z...=>..H.......m.......oj....".m.%...A.-..@.{...Z......M.c>SQ.:.....2..&..../.."... ....?........Ci..~.(..J)...i|)F.G.N..0L.sV.~G...2..:.Z.Q...^..N......?9._..q.B3.l~....P...4.'..3......|#.....+!g..*..n.?].k..)..p........h..g.<-.j0t.D.E..w..KL.tI;v..7V.....V........HE..rf.jH\..9t...."o..9..Y.N..f.....".'........HU.....;}'.<M.)@.;.l...._.hP.Z.v;.....o....=.}............$..1......g g..i1..&./C.>.....f.j.1.i..'%F7f...qk..)=..X.~.c.H;.q&HI.....q..I.H}....^=....0J.K.&..}...a..:.,...8...V?.7...x..BEi.+...L<.h.T#u..#;..h.....W.....J.....&..Q....yxhq......O......>Y .p...^....d\..^.].W.+s1Y...o......_q;.L..b.;3yC[./......~d"].(.K.J.....j.s.\.....@..j....v.^....7./t..Co..f..]`..Bu.5....6iq.......Xk........swk...X e.A...Ph....>L}.T..pz........q...:.D.l..x..%......!yN...T.. ..].L.\..a...R0....g>..1.\...oh..`.iR.(.5/.H..-a..Q.
                                        C:\Program Files (x86)\AutoIt3\Include\GuiImageList.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):32160
                                        Entropy (8bit):7.9942013851587
                                        Encrypted:true
                                        SSDEEP:768:RZ6oRzmUm7ZFvNQCDpxjyAEXC6A8GyPkuEOeMh+L8Jp0:RrW3QCVxjy7S6fUMkL8Jp0
                                        MD5:274B7771A74B901EB197E0E661A4F93F
                                        SHA1:8703C8B4B1806F2415C801B4DD2911B7B128A22B
                                        SHA-256:EB40A145A70B1AB72371C2E7FD0EBB90DCA2EE94968DDC9B1694CFA9EBC65A75
                                        SHA-512:AAF1A53F44ACCE92D89EC34C0E5A181DC7EA00C182951287FDE3E6D6EAE7CB84620879DF81A65F4FD0E16C25B079FD94F15B35E1FA382CEB2B8E54107EF8C15D
                                        Malicious:true
                                        Preview: ...l....`iOk..`_}V.....2....:....'9..X..OV'..0.....;...........!a.@.fVV..&..j.....Y.X..p=...,W.]..x.f&...j.".pM.$..O.^A`..aRg..cRVIFT.A:...|...a.(..:.u.Q%_..S.;B..dW.o>.|.-.d?X\ ....{.+4..%D...CV..V...7.lu./g1GP....i..3.ZMm......f./G.............#..`...'b~...:<.2x.....6zH..y...O.Q.L..s.4.l7r...<iZ.+.gn..H.Q. p..i...[7.j.]..........G...D....` ..Q3K.i.......G.Mr=.]^.#5........G.c..m..-..k..3V....:I...B.Y..L.....x..t.(...f...2........eJ.I.J..........a=...-t..I...b..g........+...............$..{......+.)....)...C..tq...b....z.*b.......E..Y\....0....C.p.k1.Dv..k.t..qg#._.77&.k....cN..F.V~P.......iR.-...>h.l..X...\jB...3.....($....e....'jP...{z.ZoX..z....\O..x....E.F.n 2.#.w......&I..Q...<.8.j6..qS....).a1....[....*..,..mM...:.........p.x...g.m./.?>..32.@j{.$....Y..1..N;.qUq=k...............!x.._b..Y.u..i.....G`.E..n.tv3.a..!.n....v.....>u.3N.>]1..).Hv.O..[5.......'./...h0j....4.....n.&(...&..E.th.Fi.!....").........8-R..._`.z<.../
                                        C:\Program Files (x86)\AutoIt3\Include\GuiListBox.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):44624
                                        Entropy (8bit):7.996135909353959
                                        Encrypted:true
                                        SSDEEP:768:yY0uIdVHcuXxjg5AT8Cn5X+52ns+RNuuxlQzrJ/fFAVSBGpgveG:yVHDXxU5IX+ebRI+kJnF947G
                                        MD5:B81090632CF87C4469064FC1700AFA5D
                                        SHA1:D8B242EA2FC9B1DB69D89DE211581DE935811E78
                                        SHA-256:D31B89024DD5CB6DB8AD9C74E723531B7406C6F3474F7E17443833081678C3B4
                                        SHA-512:1C2B3136C8EF5D5826720D73FF3156398C0CAD6194C4B969479AFF8B4BE69F81B90601C5F5C8166775B41A989613BC1DDC5188E43C3C7B9AAA3790BEB05B7992
                                        Malicious:true
                                        Preview: ..k$F..R..[!.ZvFN:......ac.\...1..+.g...DH.:`..Xd.I.w..\[...r....E.6...\.y|d.\...^B.?.*.P./(%m......E..A<........pu/,...j.q...x.`.N.h.M..n.Q.o....A0..J.'(.z...f.^j.l..<..5K.Q........;.wD..<..".G..,F..t.. u.....j&..\Mp.....*.*.m.....4.y./Q.NO.sNA."..|G......,.hP/.n....O.)...$..t...J.D...(.1,...n...CI0..X.d..8 .J.C......F.Lb-..]..M.*.R.....`r....I.../.u...a..C|D5.}...N....~......7....I.*T..B.S<...i..F42...4.....u.....V.k...8...wz.*.,%..8.Q...L.....X.......V<...".|8D@.].....M.,M..=.]~b..}............$.:...........t.........t..w/T......!A..Sj....}m....... ....nY....8..)324...hf..&.S.o.M...BKs,.'B..bm...^.2.Ba.....0.......P...,...J...v......{h.![ht..O..X.c.[l(&".%.Q..?&...^W.:.oJH$...t....9.....a2.W.X."y........Oi.(....J..k_..../...R]....w.k..x.l. .{Y*..zM.>.*.].;\.m-+T;..O..|i]D..k...i.$....p.t....Wl.K6"%. b......!r.U..(iOeN.g.5...{..zB".5........{..k...i..j.do6'p. ....8.q.U.:.{=....7.[.......!..@9.....P...'...U9..r....G..Rb.. ]!...t...*..
                                        C:\Program Files (x86)\AutoIt3\Include\GuiListView.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):226347
                                        Entropy (8bit):7.999179125601707
                                        Encrypted:true
                                        SSDEEP:6144:CjIP/HbgDE17hzDB35g7eclJuGcuijErCn3+an4ovdHkUn:eWHCchmecl8GcuWcM+o4oFEUn
                                        MD5:F4E9A88C92E84961FB256110A8E6B0DF
                                        SHA1:DAF29B0758A98A57AC3A1D7658A1DCC23911C253
                                        SHA-256:640A7A649ED17C6BD4ED40787BE98DB313B8C54D55FED2D80D97B914671115A5
                                        SHA-512:452C1402D962C3E4A9EB6AE977EDAEF5C21EC469E18FDF9AF67ED6DCA7DF9BC05EE676F989837E389B27D2FE65CE05C5FB704BB531F2BEACA3BE86E384E3BDD6
                                        Malicious:true
                                        Preview: .g....(......Th.f..L6G.7...$..........>.P}.Wr8.H..\}..WT..(btd..c;.au.y..ySI.....E....y...3....YI.r.|.`Xs.R....15*.j.B.Qvcj......Q3...i.c...,M.{.jk.f...5..r.....X.4h.C%.....6..G...{s.t....k.$m.=..f........{`..D}b...f+...qr..W=|Fd......X...iev...[..o.7.>..mG..7.i.q........x'..z.( Ge.a....fu.;\.................To...;........g...x8*I..u".?....m.A9..l..hg.....@......K...)......u..R...!a...i..E...|.I-.{E..I...M..n....o..........>.Q.........w..B...... ..w..A.'*........[.;.D.O...,..j...F*@....f ............$..r......}.N........~....F.W...2......HLN$.-.t .j5...3../.%..%...vJ.....LGb...r"~..0._...{T...kMc..n.&......5....J..w*.|._..X....a..t.vT.%^}.|.dz..A..Z.......u.@.`..fx.|...0Q"n..!....v.n...8.....j<..%?.&.V...k..(-..8.Eg.........`g.....C....$".o..]b8=?...dY..e4v...T..i..oi.M5o..t.w.z.@q...*...8.S.......V!...d!5.B:..;./M..c;...m..{.....Co.....;._3........h.Fn.K....<.1.*..Xe....H.{...?.T0/0.+.'g.\L...7..<h.+.EW...3!a..G...$~fL.%.....
                                        C:\Program Files (x86)\AutoIt3\Include\GuiMenu.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):62444
                                        Entropy (8bit):7.996858550454032
                                        Encrypted:true
                                        SSDEEP:768:/MFXbDnIKZxsrrgmx9U/8GvSZPzmuDURnrjOujogo8UD0W12rTDviyYYukif4D66:/qJ0vr9Z9zRDk6goj7123DviyPhGQcg
                                        MD5:DE51BD195FD0FB3C74DF21AD01F04C95
                                        SHA1:51E33C2288061FC2B35A6B273363BB3904B29DE2
                                        SHA-256:6395CCA16F1D186DFBD7F880D726617AFF62235609C39C4A41659065826C18A0
                                        SHA-512:A1E047A090AB28E567FA57C860816A3E1ED6D58EF43B2CDFBF1A96754053AE159197EA47F3B713D7DCC0E8A85A79430699DD506BB574D153EB84A24D8BB8E0FB
                                        Malicious:true
                                        Preview: +.....R.v.e....~5....|h.!..d.s....BQ........Q...f..6.C.p........+..x.{...J.J...a;R..a.;.Xb.5T....r`..,....e..^[..<......A;...K..."....3......"....j...6q.A....O.n.8L}...sz]..r.....ed..T..4..Y...h$. .I* ...-M"..%{..R.y..b.:...T....)e...& J..,..u....;n.......r..........ap..l.-..m..0...........u..:.|7.Q.y..k7Y.t.,W........k...ll`&.........s..E..A@r.;...>..,+.X.}m.e.3`H..w*..i...+.{..UK.....dP..........r..._...e..L.o........s....:i.../.....\...M.D.T..8.|. K.(g....$@...i#.4y...K............$............<Z).\.x.8>*.9P..>R/gG..f.C..r#.'9.....d&..q'JX.^?.M...... ....0'E.1..H.o...6V.Wx0...Qo.R...+..9.!AA.......l... Q3A......(......y..u..,.b...E.}..D?......[&_..0.r..._.....h.GB._/...K?..EHb$...l..........\..O......\..lDY......,.u...8...D.%D.pb9.t:k.r.r..+x.g.)..:.GY....d$.hW..Y....+......C...xhvN....K.......u./ .V..S9....8t>.[..#.R......c%.ur.@L...3`.+..R1..N:"<r!"v.v.4m6.$.<....&........vd.:..=P.>..[.,.o.ei.9..?....l.dd{...$.%
                                        C:\Program Files (x86)\AutoIt3\Include\GuiMonthCal.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):45941
                                        Entropy (8bit):7.995678813017909
                                        Encrypted:true
                                        SSDEEP:768:fsw5Rx8NO6GoiZExHLXAchonl+4Y+3mFqcxZpjXeSklegy8HOhc1/OuLTYjlTRsb:fR16mMH7AwIl+46qcxjX+HOY2S8j9iUo
                                        MD5:8B9A492F343A7D0702CE2018FF8BBA3C
                                        SHA1:08AAC8F1C4D405A60C58104E4A2EA7777D41A27F
                                        SHA-256:B6579643A959491F4841BFC1A74C1FE25453DBB6CB806BF428EB917778CCAED6
                                        SHA-512:56DF63D6429984047EBB2B5641FB47F95069AF69066394235115449007C378A3E727A2998D46EE6D1ACC0B9925CCEBF015852E20C8E136B89F4603FC12512617
                                        Malicious:true
                                        Preview: .j...D%o|%)A.l..m..]..^Q6.i...mX..$Qax&m....>;.Zv+H...x:...P.".'.ts.E.....x.2.m...%.0#.y.B.g.J.uz.3...E...$.P.<.T2....l..).n.?.....A\cg5j.B.....(Z...:.$.{Y>2....>l.P.u..#*....C......%......P.1..l.$.a.....MG=..l..w.E.-....`.Vh.*o..1z..f..%G..._. ,J..k..b=...Z9.*N.5.D~$..?..1f\.....S{!Y.WN.wg.+#.@.....cS.M...K....K..{._K.s.7...;..gg.qE...3.Y..lLySZ..+..g....R.-.,.E..F..."+~....l.....m.L..5^S$.?...j..8.N...Da.."....|..Bg..l..=.[a....r..go4....c. z..[..LD/3&'..{=....... .}..Z..ce..............$._.......7l..e>.r.I.x:...>......$...d_..>.@.t....Y.....B.;.Tz......]...5.[k..$..e].0.....$..t.n.....n.1*....7.u(...W.?..[................S..t...4.....v.KS.i..f.Y.d.m7...\.Ws6..!..&zp..w.s.(V....k?..LQ...j..1.B..u.j..N.l........Z.4..H.Cj.. .Ky._jz.].....\.M.....u.....tP.'..S?.X.....{l...$.=.x>/....p|.M..Z(.o..]..+.-r=.Q......~..&.]%o...U.w.^..0maH.h.....1O.'.X..s.._X.o.~...l....$....E..(....V..?.........W.|.....:.Ex..K.....Mc. ..Q@t.\<u..a..-...H.
                                        C:\Program Files (x86)\AutoIt3\Include\GuiReBar.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):70334
                                        Entropy (8bit):7.997284176781656
                                        Encrypted:true
                                        SSDEEP:1536:8vr1d/lfkM1M/jiM8m74GbuOspgliqvWtgjfe3Jj9zD/BWB0ua91:+Bd5zyijm7HjoUiqutgjGzlWB0ui1
                                        MD5:3AC439CD36A2F512D775DDA99689ADCC
                                        SHA1:23F086EC42138B4903E9B9B6514602003BE45981
                                        SHA-256:033851CF2BF27F20A9A75EFA92412B031DED1E69C25D87BFE98EFE544FB8278E
                                        SHA-512:915402AEC9811A2CBC9CDCDC6C6640077E45979E7B1FDBD501CE4FEA6F079A116F16785BA6F41773AB416E7FFE2B8FC2EAD52377EBB2235A3194BC30A2AD0397
                                        Malicious:true
                                        Preview: .]"z...D....`._g..'.,8.f..u1r......Z...^D..>o...Wf(.WHN..G4...3........1..]..P>)....$,.I.5.}....r.-'Y.o....t2<..O.<....K.&.mG...6...*..LZ..Z?V.o..>....a.{M..H.....}..K./.j....h6.....W..%.......V4.?..4.-.^...)....-..cTB..4^.r...6..V..1.....h.Z.......&(......k.2....T?.y..P....kS$@..$.9..5.p.w..K3...j..QGv.....Bg....G*w.g.e....&......L....{'../.%...c..T.A+J.fY.[G...Q..B.w.....O......|.>C.S;...B.2..%..).....=$g...f..M..K..|.+5....k.... .v.P...J..P._.......-...{.(.W@...` m..u..z....d.............$..........:.OW.8.=}..: *.e.Z.jQ..I.........@...+.[...}..>......Y.6.x6.P$e...1.9....B..B.2\Xw.H.I...dL..4=..;<`..^.......B...l0#.#.R..........i."7!_..{+............N[G...f..o;Gil..._4.......E.....r.q6kD.8.0..sc[.v'....n.;.;.(..x."...?!Lke..>.(.e.:. LI...c...R...@K)..n..(..9..'.........oL(.8@83..(Q.|.X\..w.|.?.ND.PkV ....Pk^}..0...>.*M....:.&.(g...I3...^P. ^.bV.,r.p.......P.k....3...u....^Z...Y.M....Y.d...F<~....V.."....w....<.s.?.8..F.+.Y?...3.....K.J
                                        C:\Program Files (x86)\AutoIt3\Include\GuiRichEdit.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):209711
                                        Entropy (8bit):7.999108179435041
                                        Encrypted:true
                                        SSDEEP:6144:6mJvlJL+O+HWpQIVP1vJ2ohC2kx36p5bfXtoDbPTetwZ:6SL6HEBvJ2ohCj36wbPTetwZ
                                        MD5:3E334001A98122E9E102950285B3FEC7
                                        SHA1:34EDE8827D772855ABEC92F69FE758B9A694EFBF
                                        SHA-256:D5B992C88FB9C1CFBDA3FDCA31B6D78532B26C27259CEE6BF9A609DDD4C9ADC1
                                        SHA-512:72A741FBDC94FAFCF37F74F85F358C0185655006FDB2784B00EE3482021AF1487C3C8A8F6BD689795D5C9EB030CC51DC9A1A43C7F8721221EEF0001BD4D02E47
                                        Malicious:true
                                        Preview: ...CKI..m..CS.*w......T)...}..C..........c(O\#4..f.mh....F*w.x./.....b...&.O.K..cXd.~......i.......j..b..".^.K'k..W.d..k....m..m...J.R]...M.:..T...1..I...:T.|~..8.Yt.8.e...2...A.u].8d.c.../.[......].1......._....,.)......;<A.9.......zLp.].;i..7....<.........xCt..=/m.y....o.....d.=C.<..\.iW.vy..`..7..z.E.T+..3..e..E.8MEY.+n..Q..qg.....?.......,.0.d.-W......>..J.<.............+$._v,@.....B.x..%....;..=...'.\?.T...7q..D.f....z..O_..].P]..X.@.=[V...SUL.+...Q..{...O.-s..|.M... ...............$..1......^U+.."Z <.^cg.m.p...Z8..........@R..#..s@X.EgSX...E...9.)M......4.....A....d=..l..y.Oq..mdTu....i.x..{......py`O...X..2.&BA?..;....:...e.}..,..-..S.>.hV._.0..4......'..w>..g....2$R....(8.....B3...Q.@..2..*<S.c...vKb.&.<!\/....U.Tp....I...{.m]i6.../.U0..Q..,...J.....].y.!W....w...A$..6.DSb...P...@.JO.9.u1..-F=~x..Ewu......Z0.=.....A.'./.J..@..........ss.........J.C.E..h...b..;....6T....OJ..~oH...^.I..)VUqy..-..y.Q..Qc.1..]..j.s.&Z
                                        C:\Program Files (x86)\AutoIt3\Include\GuiScrollBars.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):25250
                                        Entropy (8bit):7.992773868610349
                                        Encrypted:true
                                        SSDEEP:768:hbUCzJgJ8OYMJRr9gGuRKab6hEdXkAD74yLl7VPcfpi8DC:3glYaR9Q/Oo0AnVlR5j
                                        MD5:E2B3BBF5C9B2385CCABE11969EF66628
                                        SHA1:39750DDC789A954EC37CB6A330673DCA7883EDFB
                                        SHA-256:08EED52363DAD3509FACB45B6740BE88609590B43B5A8BAA9A10B400567010C5
                                        SHA-512:0ADDB371A1FAE049BAC6A658A05ECC23C368763E893E54A0388D395F5A7F1F4D8EEF29E5992E930C67689196C5B69BF2772865B3740051BA9561E3C545C6348D
                                        Malicious:true
                                        Preview: ..z^.c6X...>.e...7Ul.##.........yC,..CyL_.k.J.......J.%.{_..88)"w.....*.r.QU<........5.42.wc.....G"l1.W@..Oqg.yr.I.4....G.5.\..h.....k..J9.0[&....-{.....................a...@v..b.3.NQP..vYe..r...p.....qLQ`.Z.f.....it..)..@.B..t.1.[?..FAG..O........6..9s.6..Tq...p^>t=.'0p.k...m.o.!<.+n.&...I'..&..y..2k.S.-%..Cdd.n.Cb.o..+M.......: .x....$p ....e6....k&.({,...#.........n..l.......K..F....R*.G0stRnN._..Q...t...F...EU.J..lG....O.|...#..4C.&.....Z..*/#B_?..b=.(..b..F...1D.=.'H.|..r^..].,.+...E9............$..`......o.#U......` ..$.A.I...d...V.......9.....B...Q..A.....rT.[D.BHB..?&kQ.RQ.=....N.GK....^...U..}G......my.j........{....+..."..WW...b.Q.s..q..5e..r.T....eZxx<..........,......79..#r\?:..i=.N.c...p}.Sim...=.J.qYy<.8._.o$.@.3...c...i.wF.....F"......+.....=......^.=.N..?.).S..>.<.6.FE....Aw..w.Q..4l-..M....d..6..^O..{....R...)..io.a....p.O./x$^...R........6.ae...c..Lbo.pPT..\.......&.....b..$.9.-.(.....~.*.|.|.....Z....y..Q.*\?w.}.
                                        C:\Program Files (x86)\AutoIt3\Include\GuiSlider.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):27308
                                        Entropy (8bit):7.993334369242762
                                        Encrypted:true
                                        SSDEEP:384:R8PJ07YeOQ2ntlvoz5VdHyYc6FwizJdaT1jt44bu7bvMGuzAL7Q6++qJedaMXm6/:97gteVdbc6HdYwGu7Y1Zbedav6/
                                        MD5:628DF849EDC679BBC3572E9F9EDF5E4A
                                        SHA1:8944C43FCC023FC27C9F3E6BB424151C73FAA484
                                        SHA-256:C6040D4CF251D7F0691199FB4970E69EEA3CBFE2316CF864500E1BE35902D92C
                                        SHA-512:25AF43E52A4E1FDF726D0D6135EDC23CE447F6D37D9297398594B8CE8AA7723029342E947C8DB7E97F924E449247A099AD97F570049F27A10B817C1872EE1FD4
                                        Malicious:true
                                        Preview: .........6.....!d..{.u...2.*.Q#lPI.>8y[..{..!0. .......q:S....@.....-.;..~.1Yyc..G...sD...0q..K......h$..a.k...s{{.....rO.`F3q..-hU....\O.....$ ....7....R...... ...........}F....SJ.._K3...;`.k.........^....zP..Tas.e.W.p$.!R...}...q.....h..;..'Iix..S.T.b..4..&.an...d.]..l..7...ZN...*.^..jN...;K.o.!).s.w.V....K.L.T..nA.&...7[.....,.(...L25..4C..%.c$Q-..y.xX=.^..?](........AI........q...JG...o..uF....I.{...]....%).{..;l\.h..=f.,z4rGC.|2&..P..w.@%.K.......~..Yc....od..o.z....&.$............$..h......T.o.[.<...b$....H.6Z+.u........t..2....:.|....@...L....F.."@...[.DE..8.4...;;..6i.a._._wx.....l.b..2.<l..5...r.*"H.C{C.G(........jg...cM. R..@~.........a7'.....b....@.e.Hb.`...RLxR..6.Z..A.:.X.. [h.....}\D.s...M....w......Ut...S...E....p.[^T....IY...z....!....8.Dtv.|.P....1.....@..$.kW..-.h.v~."A........eTZ....sj....y?s.+'..^+..'@>..|........|.>.O5..%Ig3.UZ.a..z.tc-}..8.K..#eZHU......[4os.%.1h.X>z.9.V..jHp.?...H.h..,....A.s..1..1c.
                                        C:\Program Files (x86)\AutoIt3\Include\GuiStatusBar.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):31881
                                        Entropy (8bit):7.994297452241912
                                        Encrypted:true
                                        SSDEEP:384:NyOLAcDpLxb13qk6jCwwV6AlmEu3M/wbM+cpJU70eAghwXA6B3/fFCXpz6dh3AuC:NRrDR913qk8Wu3xc0wedwH3XFrd9Lk0E
                                        MD5:B1EAD2194AE7D21D13ABFB1686D69746
                                        SHA1:892CB31377AE1CB20D319F796A4DBCB50981B522
                                        SHA-256:A1238FA6B6CDFAEA5FA47875DDFE6216533B2418DB6A864059CBE70A6D6CFE45
                                        SHA-512:2601A6915754ED656881DDBACEDBDC62FD060A902F9269D49BF936A16099F00B3C3CACFB2DCA0F104AF4C6BD3B14246D25273123F0BBA62CF7D9D9B854FC29D5
                                        Malicious:true
                                        Preview: ..e#..e....]-..7....~.........q+to...._..M.p..B. ....*E[.........|h....@+.~SV.:^......v....o...h..b.Y.Iy..1..v..g...t-...9si......y......&.p.......d..7...}..k.ir......./kQH....8+.U.....[...n.hn.}...=.Ga..9..HA.b..].L...0...C.d...B1.k5..+.\@.A../^..N.'x........)......v....q.O.b..b..T#`.1.7....>.V./=E1..3.n....|L...T..h..h.+mG..B..........c%..f+V..c...:H.0.#.w.u.e..l..]}.....f......,..s.s1|..A..S.......6..'.(..G.......'_.$Vd.S.5....e#....b.......~..j&~$.w...s.GF.c.>.XufT...............$.sz.......h..!........kV.!V.....}.j...........).q....F.P?.-..u..../}....+..zN...q...vA....P6.k...I.]...;...g.z.}nu.}.t;.,:nR`b. .6.+.U..;..,.QR)BTm...j.../Y=.L.2..K...p+.....2....#.0.y5....09gw%...V.'...4.60.[ ...n.Q{...f;:.3.vP.K....O...o...\..*@@b&..a..Sy..%.G...iB.Mv8.B.Cv...;.k.w.n....... T.ZCMa.+....s..).S...V..m$/..t+.........5.;U...m..g...dho..WaYP.Io3.<.`.......[b.=..N&_. .M.l.3..$V_..-..o^.Q...x..W.E....c]&0.."j:..G..rJ..m...[.&...[D....o..?...@
                                        C:\Program Files (x86)\AutoIt3\Include\GuiTab.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):42001
                                        Entropy (8bit):7.996059118380515
                                        Encrypted:true
                                        SSDEEP:768:UkRJlL8+YHX+RgEkuOAKPdObeppbG5hVDj9x1t2ZlvtrmH:pLNYHX+RRkvdOyppOh1z20H
                                        MD5:960017D23F01C6A28FE92DA28DB09BF7
                                        SHA1:81F602DE436A42754C7F818A3309F1DA07F961B3
                                        SHA-256:1263ACDC1AD3CD69CA63B03750A8AC90B2A53A282547004DB69D7483B984340C
                                        SHA-512:94DA07B12B5D2E834281907DFD05422FE0C6A8439A51E9E70875A42EA86B2FCD620D68AB6A0834CA64FE76593B28CD75D6DC475939845F4EAE1FEBC34DE817AF
                                        Malicious:true
                                        Preview: ..e...UA8na......az.......kI..h.k..^.k.,..hD.....Tr......qgH6u..5.*......."{.....:...x.......~N.U.J^.VN...A...^.qL(M..].x3_Rp.s .1....}%Jv.U.Wi..[....?....<8F...[..+q.1.#......ra...N. .R~>.f:1`9..q5..J......e.6....>.9...w..U...a.Na.3.z..........Sr...b.U.E...[.F.../..Ry...[6..|....G..".6h.Z.{k;(sX2......fu..9..?.Z."..Z$. Kf..@/..b.Z#E/|.e.NF..^U:...o.D.o.t.fi..y..z...GZ..I.8..O-~...@.....r.|S...!..>.d.>j.S...9...9.aPZ...*...P..n....k.."j.Z...h.W+#...k...aa..B...F..l.`Y..7.^.f.UN..9............$..........gy......G.f...A0ehd.w._.....m.|...i<q.I.e..Q..:...Z$...[I.Y.&...@\..?+..K.Z.<_.....%.^.D.G..i...N.7..0....*.3ju.F6<..)..o..g".....d.......%e!*i.e.Q.Z.zf....9c....5....V.TX....3.-S...IM.dK..........rYx4{1.j.6gp.g~h...;o...8...z...\!......1..4ty.$.&.B./....Y....h.j...A..>6..X..G|........"-z&E....CD^.Z...,..'.n....<.O....].,.C*.,..1...g+0..O...H}.a..2s.=._..vb..L.\.5.?*..6.2E.;}>%.....<.L...V..;..pkFV..Qyw\A6...f2.,..VM.r|P.6....y.w......,.`'....}
                                        C:\Program Files (x86)\AutoIt3\Include\GuiToolTip.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):49071
                                        Entropy (8bit):7.995698398710993
                                        Encrypted:true
                                        SSDEEP:768:IR1WJlO42ygLMv8tWG2Fstl1g+EnsckCDAUiMNzE0cNhMdwkX9OXBzvdD6td:yGsryt8wG2Stl1RzwASVE07dwkX9Yl+L
                                        MD5:8847167E9C195BB22C895E0664298B37
                                        SHA1:ADC2F1E588517767DAC427F7B418B88F2BE1BCFB
                                        SHA-256:5F0960325ED4492C46AD7892049BB13B6408B2C553C49E6408827CB65E2D08C2
                                        SHA-512:45363B34AB5B0D8CC3804AB30217FB13E59F0C55A1B4BC38D614880E2E75838B04184CEF820826A905131D02E07151B0E917FDA73D017222EDA9371E0C383C41
                                        Malicious:true
                                        Preview: 5....@...o%VV...9-d.....!...X..{A........p["D...U...w....o0....fK."....';.....>C.z....q...L@.v'd..Q.}7g.4z8..P.T.:.Q.D..kq....".......vMU.. ....w.e$URK.V3......Yj.?...=...5BQ@F7.PL.E.x.R......~K.Ml. ...!l.-L9.S."..,.e.L.l.Z*....ew....f...._$uc...xh....n.$.b%......C.....C.{~x`...,.t.bV.....V..!m..;...`#y.........J..0..44u.hu.E{..?b../......<;@..]....{P.^>.~..M3.0@..%."..k.Q...J:.P.;V......./V...9x....-.JT......z.C.~.r.....)o.Q...O....k@...]`..y.x.g..U..46&...........:ul..@$ n.............$..........=X...&...Yhc%......;..-yN..Q.>E..Y..3.mTH.....YP.<r..n...I.......t<.7..E..P.b\...U.Lb.%U......V./*=.O...:TxE._..%3k..6...#.OU./.r+.Id.\.:g.....(|.......T.A.s$...w.r...e..7..C....}[.8D...Q.6...e.i<...u9..Q@.Z.T.....$.J....L.w,d..M..Y.!......L.+=...LF..2.nI.F..W....>.(4..&..h..d........~.@ .....U0P.n6..*x...Iq.$.....g...j..j..$Fk....A......-.V..@....m]b..G.B}/.W..c,7.&...,...S.....5..v...CQN..J,..E.U..S.5.3Os_%......IW....^Oh...'.`R..
                                        C:\Program Files (x86)\AutoIt3\Include\GuiToolbar.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):89950
                                        Entropy (8bit):7.997854056712904
                                        Encrypted:true
                                        SSDEEP:1536:5t7cbuQcwZwhTKCjZ0SqToVim+4jksBznIi/nlSQR0m1YFKaJ:PYbuQkhTpjWSsuvjkMIqN0mOEaJ
                                        MD5:C20BC087B225FB19C39F94B0E07301B0
                                        SHA1:87AF1F95A142539CC167272D1B8131BAA216B0DD
                                        SHA-256:FF25423712259B69E9845D7BC7CA0B3DDF295BB92F29CAD33F79C49466E272A4
                                        SHA-512:87195F32A53422A490A92310FBE7E7D14D45DF5E93AABA78F7D3E22DA43B997D5BF99B1240192652D2F86BE772B266C6BF540C0BE579240DA72EDF2988D6BAB8
                                        Malicious:true
                                        Preview: M..sW.n..e9.'...bF..].*D..U...).g..n..k.....WH....&E.^.5_Q.'.D.. ..~.8....M.s..V..Gb3UCJ..'.l.-\.\......r..Z.^a.!~....A..5G..sf`.....:T\.'.C..2F...K...f...h^..T.....Q)a..`>.F.@ua.8..yC...8.r...1.9g.8GV.z]u&{."+HK..y...S..)...3f........iH.x.~....JY.......c..E.A.b7E....m..Y........8...r..r.3..],..|q.$...y;.. Rr&..Z..-?..0.49.3.\....pq.#h...`O.N.`..;Q..l............K;..P..X..l......@.[..X.L.....S..[.W....jU..=...u..3.s.....|Q..Z.hNQ..0..... ............R.b...&..L..#.;.n+B{..m............$.H]........S........W.K...n......YL.....=..IU.iG.f..t..e+B.l...C%....lN,-$-]$.E/.%w..o.\/.1......+...<80.K.?......D2]T.._..J;._z......;Z7....7I?..MEL.HG4.*.Ad0....J.P....@.q....1..m0............<..k..P.2.Lo.Pp...A.t+X2.j4.............;e..^.[.vbL..h.v;c....Ic.$.....3..'z. gI.......}..}..j....b7b...4o....Y../I..C0.:.yj.$g.....Ck..../.. .......-.2.:......X5a7...p.s:..#V....W.-).......JZ..<..W,..M...`V..4...'.'r....}...N.^..3.M..-.3...{.58......
                                        C:\Program Files (x86)\AutoIt3\Include\GuiTreeView.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):125839
                                        Entropy (8bit):7.998572068263197
                                        Encrypted:true
                                        SSDEEP:3072:Ln2Vqr8TXazQ/zxXJzjD4mmzOLhqPtMvGU/m8lTB5c:T248uzQd5fD4mmzOVq8RZ5c
                                        MD5:4DF5BF083ADA3DAA140C72ED7346D801
                                        SHA1:C0572541A5DC4CD9056D9E021BA3E4BF34C18C30
                                        SHA-256:38441CA15E393C4D536FEA8CCDE2BA055FB5D5B400C6A14C39F43EA55F3A773F
                                        SHA-512:A89FED514D39CC7AFEDDFF0402EC0A4962970CD56289F1A642710F9712E62E85675FEDE0D1363C847F7FB3C4CC5DF7FD32BE7BBC2782EC95D75FE949E6EA33EA
                                        Malicious:true
                                        Preview: ...\5AJ?..n.......~........iV.#....!1@X!..N7.7....x....0i....B............Xr....=!U.........Y..rysF...P".{.7...... ...f.P.....y-b.e.G...2L....S.....6N"]..<..T[%v.....V.[.T.........1r.....G.A@.I{*..[...R.EW..6k-c..r.V^.......Q....._....y:.`H..C.d....J.m..k.<...C1s.6+W.uj.....[*..J.2.......e....S.....p..XG#.....g.2.br.......bp].[X.I.C....FX...o.P..x.2..N.P...B..A_.z..........`..q.9.....O.<a7..M.,K.Fb..>!.w......f.....e5._J.....`......"2.....5/H.....!D...7...vv..s..@.j.jZ..+....G....V./.HM..B...k..............$.y.......6.T.0..I.Ie........]J:...8O.._y.9...sr.jlM.......?.tKl..Y..>...1(Og..L..k.v.KM~AU.4$ti:Zjv.s.pD...]':....&J.}.?../P....yyx8....j...J.e..2...%.gY.4..9/..l.[M......Q.i...mQ...Qb../..k+P.r<|.*.t..M.rpM..F...w.!.Y..:.:...:...<..-.....'...Sm.H.wjv1`./.b.c.._rh.....D..p..T+*.p.e~..Vt..V_. ..d$W..j..O.J......I..gq..U..eN.K......8..L....:}.....%....Nq...|..x...2..,.m....I....w.Q.P.#..Y].'.O.is.P3.....|..:...T5%......af0..=^...b.cN.....m.E.Z.........
                                        C:\Program Files (x86)\AutoIt3\Include\HeaderConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):7547
                                        Entropy (8bit):7.971390740652792
                                        Encrypted:false
                                        SSDEEP:192:p/r7d8s7vq7wWfpds013LGj49Q68b8jruw9fgq:prCivefpd59689PiMfgq
                                        MD5:E79DFB1220A29E7618376CC80A50C531
                                        SHA1:50746B3C05FD483F064328781B31E9F50F255D62
                                        SHA-256:A0305CDE1DF307D5E6C0DAF548555A7F128BE41A317181895B48F0F9D2F313A4
                                        SHA-512:AE0D498897586FDD3DDDD5D4EEC46D005659DC690E8E5E13C0D139B0B8C6ACD2DF5BF6AAE72D46D244A7D05C577ADB67E2F7FCCABCA61CCEF0F88FA4DB7E4BF8
                                        Malicious:false
                                        Preview: K......H..=....E..s...cc..9..*.e...,..,w...J.;.V..Z.....h.cl.....`....K.$.B.P..^..F.W.}..j.L.R..Y .)..b#.1{tY9.....q?..o7...Ba.u.}GE.....2('.P.wF.&..GH.U.#m....._3.=.Gp.S7@.U?...].R...&q.....7A....-b...'._z..f<.......~.D0.e.__.....jUx...f.G.9?xS.......53dW...$....WZ.b$....3........{2..l...1...........k....wHr."N...w6..p..9tP.....>F\X.{RC6.:.>r..s.........Tq.........].9I]E.|.}..Z.._.+dO..,..l.^+..F.4.U.._.Sk..z..\yX.K.[.z.7V.9.X......".*.....: '.ef.?3.$....h#...;<...'(....l..].d.....b............$.e.........k..{.......,.&..9]..^8...ZMY..V !.B_{."..MK...{.<aq..!...\.$jDL.<..>9....i.;>.......vf.1.......\..<...0R%4..'.t.X.:..V.....?.e....:J..4c..>.lF..^k.......`......(.....>!..C...\...U.8..br'...eZ>{+...B .b+........E....ut...{..?...kN.c..7.a:.yj?....^..g.....\.p..........g-..?v......6.wG./..oD...gh1....u....d$.n7...2... L.D.q.".....@.+8|....1......ui..q#O.D..........=A...i......o.d.[..%.G.c.!.b....)?SP....[oe.J..+..kUo..Q..~.9.{[V.1.}dh^.
                                        C:\Program Files (x86)\AutoIt3\Include\IPAddressConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1908
                                        Entropy (8bit):7.8881031411345655
                                        Encrypted:false
                                        SSDEEP:48:uh6CM6zCEb4n398n+KiwRATqM0wgSGy6dr:uhTM6rcu+KiiAd0rRTt
                                        MD5:6AAB21C9E1CE1490458E6AF23F9C077B
                                        SHA1:4BEA1460AB85BE224F72D1D777C8F5EE9D204294
                                        SHA-256:4BDB45067F88F85566767EDF71E0382C06A2FB28D8611EAC0504AFFA7E406187
                                        SHA-512:C4841CC4E9BEBD5B00C527A4EF30A99D76592B0B8FEBCA533B84696055C005B698208704FA88848D16552B1D9970FBCB9CE66806CDF18CEB49A1F9ACAE1D3583
                                        Malicious:false
                                        Preview: ..N.t.p..=v........T..J.w.b....om....P8.).@..KxI.9k..H.]c<......<b.7X..g..V..DH..S2V.....T..L,.H..AXV.G..FsQ.{f.-.#.P.Q..E{...p.....{..Fp+.W..(.%.4a]...jD# .D.8...........).#./...9.5.....Et.y.h....).....^Nx..apc.u...gbN.1.WUd.[...../N....2...W..t.......S.{+b....r.,.~E...c..x5Zp....@|.Z..9....Z.=b..E.zL..xO.k/g.....S.[*.|.5....Y]@.L....`>..M..,)a|..r...D.2L.._.{.-d.n...)A..0.ym~i/.~.Y.jI|.....?.\5.,R....G.G....9%......,_Ne..-...C....q..)./.>s.Z....'.9D]V.'..a.WV.[.z.h.....g.m..o..W............$.^.......=B.A,.5...@..3.D..#qt..=CW....0v.0#...]>#.I.z.Nqnj.4....8.o..../....Ch........t3W..P-..`.$...x.$e.._.+..y....KpD..<.-.=....k.....n..3l..k1!E..cg2(O.....Dj...4|.Hg...j7.q....=.-...U\..'`....s;+.n#.AC........Q\w.xOGn.;...6../u...?O....H.Z..k.....tp..0.?..'-.~......,R`.j.v.i.J..`Lq.D.I`...[....../.Z.Y..I..gv...WW..%.$,..%.....2.....l.E....S.-.K|K^...C2....]..`RZ...wI$......%g.B...X?.!..l.\1.pi........x.-)g..Bh.M(....Ni..G...H..d.A.. ...w%4..
                                        C:\Program Files (x86)\AutoIt3\Include\ImageListConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2279
                                        Entropy (8bit):7.922064434838063
                                        Encrypted:false
                                        SSDEEP:48:I0E8O8nQpBVQOuDCBwPExwaPXabtVImUU4oEZa5Kz:IYIBTuzEhPXaBa
                                        MD5:BF23D14077847B92C5967CE867754C9D
                                        SHA1:87802D49D80228B6E085309A12A8C90EF773F463
                                        SHA-256:1240CC1AA9716053E6089CD2C6B71BCDFA1F4471DD0D0F28F50355042DDA596A
                                        SHA-512:E49A1C65EFBE7139D0079606E420CE44157351222F6FB6287546225C6ACB255411DDFCA86456774C9A07965672A7E2DE0965A86B8F0400A7FBF2E8683482A30C
                                        Malicious:false
                                        Preview: ae..L...x.,.I.......?2L....n..x3.*.......q#.H....&[....:...4%..Q:wc>V....6.]xX...(...:./O..RZ.#/"..WN...Y/...g...bW..K..ZXU.m4.V....'.Xd..}L.p/...-..._..(!.$8.../....'..i.kV.B.i.>...'m.x..9\....|u.V....y........)..d...6................7...][...7.\..<.ji."..Q...:..c......;l..c9.......h.t *...=.r.....!.l?qL......(....(.2..S..M$.n.W6.H.mA./nP..9.Y.=^N.RE..c.........[..@.t..........0......T=4|.!3....e.,.....8.w&.N..t..X.;]mLy...Kr..~Y..@...B.H.....V.W...G..M1.v#..)....Q.<B..$.....[.............$..........3...*..5... ?.....K...kK..~<n...8.Yu.s.6.\q..`kS..k.,.z(......@.:....xP.y.....(...mf9....z....C.".!.h.X.x.q...;..W../..o.Z&....X......u..<...n..q.\......(.#kw..}.4..4v.GnQ./V0K...*.j.o..o..[..|J..... .M8tx_.=...FE....O.&./.[.(.f.).h..1;.'o..u_x...rg...s...kS.........~e.5. +.&.(c.@..EKNH.=8..6U..x...Q.$l.....|.^+.&k.{..T..~..p9o....n...O..s.l.5...z....9(J\.Br....)\H......$......Y.s.)..!C.n...w.A../...U...}.l5a..~....&+...>.>...&.....L.Zy.Q
                                        C:\Program Files (x86)\AutoIt3\Include\Inet.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):15655
                                        Entropy (8bit):7.9879522239533305
                                        Encrypted:false
                                        SSDEEP:384:H3gwYPdhtKr6kTVDwGJXa3lePcwvoCbkb8cgF2+5E:wHPXfk5tJq3le0wgCPP2+5E
                                        MD5:23CE9F8C4D611BC724DEE8E9C5C7C21C
                                        SHA1:4638E8EA53411766AE7AE97501236557E6BDBE30
                                        SHA-256:403AE142A29087CEC41A341EC120248366B34A24C568153869024CE4251CF979
                                        SHA-512:E847E92077FE67EA3AC5409845A57B05FF6927F617AFFA7001D49E00AB79651DE67EC014FC60BD6EA87AE9BEE6655D8DF30F40D7E5391268DBCA892FD04020C0
                                        Malicious:false
                                        Preview: .v.x-xg.........6.~H...{<.@.%..m..H>.K...R..H..z..c..8...<#...L.6.@'L.J.b.....j6...G(....}&.p.L.G.....~.6>.+.....A..s...s4...Z....u...Mx[...u`s.r_......6e..~k..!.X..bP.L........u.. n....g..5,.......j......I.......k...1c.......m.S.8.A<..S..#....oy...-WuM.....Fc.H9%./.d.......t+.ap#O.Fz.A..._Ca<?.p...=.\..q.`?.]N.I....h.s........z....q...,Z.6......?As.r..5G}.!I..R!]......kV.n....fp.,..IS*..{..g....}H..v...X.'.(+.5.3....{)....."....qC..s.R.7.7...sS.G........-..'>.a...{.Q..t-...A..W............$..;......xN..7\..M./:T.G..}.Y."E&$....T`.'...."..*...Z...z.x...G...wa~3..#..D..F...#zt.e[j{.z...e.nkgu.$k.-.gJ..R."n0.0.3..xU+o.gGE...._...[;o..v$:..1.i...!.\.K:.Gh!Dg......D...b.r...:..y..Q..DQ....7.$1....5...>.}...6t.....VW;{.C.nWPT.m.^u..[c.O.\<8.f{5.h..G.~...w42.R.....D5%...]...)K@KKBU..FY.v,w.M....~..Q:j.yZ..o.....@m..`*....H3...`..k........V6.......^..2..y*.....v..\.|........0.....c.:Qu..(.NF4.QJ..T....M.....Y.D..|....k..moRy(\.:0P..@.j..-........
                                        C:\Program Files (x86)\AutoIt3\Include\InetConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1830
                                        Entropy (8bit):7.880578802460688
                                        Encrypted:false
                                        SSDEEP:48:kAnwmyoTQnhORQLQF3Qh2rkZ+jqIzqp3xycem:HIhmiQFQcrkZ+mIzS07m
                                        MD5:54C4088584B344E96B915218AF6050C6
                                        SHA1:94ADB512324BE7747A7BEF9769834A974D748B0E
                                        SHA-256:63A9B7BF0314A3EDEC8E1BE891DCA6613B0701F84A92C1F463AA2E72698A6C0C
                                        SHA-512:2553BF8A8E1E7C975EC6706B3545B59213AADDAFBDD6C3A7AF896AA80A8BEBB86A55745DFD651703EB20AB36649095916BBE1A3ECCA0349B8862E82DDC760F52
                                        Malicious:false
                                        Preview: T.......E..FL........F....?.g.......L~...4.oji...#S2......x.f8....u...$.:x.r..l%...W"..Y..&....R......_.L.ze...}'7.e.>Gp.j....$.O...Tp.. ...<A.W...V.J.=....\....L...}...L./.AZ.........E.U.>i....Q=M.j. {&;...+.QS..9O5..B.5..v.p.E..v.|.>T,MQh...B!... .....A..#...o`.4.BJ."`.2.).].l.v...&$t...y+.FO-..C:..y.p...?^..._...A.E.\k...V.....W..r._.R.npa.t..t.y.../.....TfL......s@..v!.V8.z.>:w...L.tu..D......o.b..^`..d.S._..i4.....A.S..-...m.W=.sL.#......u.6...D....+z+...l_.\9...z.,......'..?............$.........Z.....o.y.g.T...U.r.....z0s).;.^y.qbrt)..GB.^W.T...;..s...)...|...m{~..4j.....[.9t.2.J.T*...!.m......5>..Q.1..W...xqs}.....Y.W..>S.&...<.X.A.....'C.d;.D....Q.<.B.Ohv.7.....Z.K.?.jQ.2...jf..:........H.....@_....3G..a.&.|...4y...?....M..h..ck.(..#P.._)-...-....9..?K.....Es..S...s.d.+o..,8.fk.G.th..t1..A)..:....9.....9...b7.4.z..T..8.X:B.3#.k|.'r2.Pq0:.1.Y.Z.%..]B,..N.iD....6...g...V......i..."~C....U.k...rS..H-Y.~....*..t...d...X...`.Y.*`=.
                                        C:\Program Files (x86)\AutoIt3\Include\ListBoxConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5558
                                        Entropy (8bit):7.964312708270611
                                        Encrypted:false
                                        SSDEEP:96:BSsiIv8zPjnmUmJHpLs5H52T4mhEIkOVXBpL+AHSKIYe9p2FUZgQWVkK+:TiIv8zrmUm9pLKEVMO7pLzSKIKFUCQhl
                                        MD5:AE15ACF8D7FEC927126B01DDE7364CE3
                                        SHA1:16FFD8E8AF8C296A8C1F8B822BFD82A2BE9299E8
                                        SHA-256:ED75DD896CC63305573A9EAB487587D256DBDFF721E2058FC9818BF73240C9F8
                                        SHA-512:09F1F3239CD6D35EB1F5F69B036C3F0859251996639131B7B287966B7D81F1C2BAEF254CE1AC8A40C88BFA3A342F27635FB4024570C583B1039C39DCCCAF7FC1
                                        Malicious:false
                                        Preview: _....U.|v'...`..kvd+..uV.b.R.$.......?T....X.....n>.....Z..+...i.fQ~#..DRb.C.SiP......%7...?.....j\..e....X]@.?)a...N..WQ.8H.....h.....d.9..OT.1.$v....}.:.........:.....(.?... g..U-.hI...aO.t...(*V....>I.o=...Gv<.....5..T......*}.@+....r.b. |.j.....I.2.....~.xf...U2..~..5..V....u.'S.aqKwXA.}n.l.....?......J..l.v..T.L.#4..|.{....b.....,.nG...|...m..%..."y...PU..y.8. .u.......0...z.vd.Y....-....Yo....6.af......p....!..C..B.{1.u..#...t..@1.t/..d.U..@.#.,...'...-)d..%kp..7..#.h.2.................$.........M..H.2Z..^.q...s..C .........0..s!...= ....Q.....(..F.e......*.hCd.~1iA.O+({.E.[...`.5.}.b+......*:.p.I...1.K...4.0....y...................S33.m4..Vs...:.z....!0...&+.......\.. ..._3:.......).......9,}....c?.).-......9gX$Xe...F.x..A?..*f.2.....n4....@.*.R.x...G....:u.m..C..1k.x..X....R/....Ut."....L.....k..s.u+..Y...s..o../D.O..K(8.d*%uiQ.m.....m....:.'B..ZOnR..y...U..Q.X;.a...{...~.G.~.I....+.....n|...W..o....z.$..S.bWh!....9...
                                        C:\Program Files (x86)\AutoIt3\Include\ListViewConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):23754
                                        Entropy (8bit):7.992245902099427
                                        Encrypted:true
                                        SSDEEP:384:g++iLoAP0n2qJyQqGvc3QK5hIA8aqIrbLsG7rE7DJ3CKqR/uw6Op3S4cqq:g++iLS9QtGvi/hI3lobLsG7rmJrqg8C5
                                        MD5:CEFE60548ECEE3F1F3579BF0E104F149
                                        SHA1:88C403A49E03FA5BF5CB94935128A1A50C5E3105
                                        SHA-256:CB15F8654FE712C7F3B63659659ED4809236093838D3CC2718B38821309F60A6
                                        SHA-512:367C53743C1E449F33114CCFD7B148F9438BA7E8B625044941194888980C443570D16E8915A057F23C55F49ECB6A9443E38041916F3D65C54694B3B471F0DBD7
                                        Malicious:true
                                        Preview: 2.I=..]..(.>.{...Fb.moK.z....2j...v.[.z....M/.G./....KOP..........(=.hq..2.w...)..=3...N=U.Se.......ls."...n:.Fd..u6.....n#:.m...G.y.3.'.B....v\....AZ...U...\*7..s..._.......J..`L'.'.`E.g.j<.a(I....0.C(L.'t.sr.e.?&..^...u..F..=S.Z..6....W~........D2s...]Z...%..U,s..W.. p.}...o...n.(..WU..B.D...r.g.1..]P<.i.,y=..u.3.c..K~.....$....1.T.........7.;..w..U..Q.Y...9A.?......{...V...0..@..lfa9....z.X....U.O.'......%...d....?..X....f...|_/t...M.w......C.]Qn......#a./S5..f7..pk..B.d..'>.D..,............$..Z......$...4...YR.u........J...M.wm...8.....v.Knc?...!k..fK.L.........).a..fgwpkOW.Gp....{..{.#..Q.........-...-.z}5..-2....fn..V.[1..f....-X....i&...$.R.*L*...[....v.i../Y...1.M..'.A.+?.'ZddR!.......2.^6..B.|...V..+..4...c.....|.`g:5}.`/o...[.e.qA..!..*....l.H...$...^3.a...[k..l3....u.."D\/..sb...2c.o.v.X.fz.wd*I.U.e..hDd.'k._.,$.a\........EC.).H.m.m....5.|$..Y}.3.6..a.....W........l.k_.L.Y."uR....6]..=.}.C}..0.!.0.._..R..dw.79.<..k|.H.M!.w"...%.
                                        C:\Program Files (x86)\AutoIt3\Include\Math.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5181
                                        Entropy (8bit):7.963560343389361
                                        Encrypted:false
                                        SSDEEP:96:mQaGCXeiXlYpmFQ+yqB1BWi/Jg+zP4VCxLqGTO0GaEIjfMZ:mQajOiXlYpEQtqB1BWixg+zPk4uYI
                                        MD5:18E4128E8D702F3BA81A406B4257B799
                                        SHA1:320B6DA29DBFEDB98A29AB28C842736AFA357199
                                        SHA-256:43A410470381EF1B1074B93F866D30E216BA0226B244C80EA987F001D5A237B3
                                        SHA-512:34F261494C2CE80DB4C5FBC95AEF0CC7849BC5A6A79EFAF551E90ABD331DE69148F904925765AD9E21074EF75D2346DDBF17CAB6D156FE3C3B0B780A65CFD2A5
                                        Malicious:false
                                        Preview: W..1....6......l&x..."..$......r....#..9..).~h._x.....]>H....0..V.....W...X.........ny...zL...L..2w...>./BNM.B.2....i....*...EXpK:...<..Sn{.%..>'...{.P.J*.8I..]/W....b6S<#[?.6r1L........ ........^;).......fH..^.xh..d.1...=9..Y.`..9....YP.:9.g.rt..h..F.2..kd..y$.s..XN...-./...,..>.....v5.u.:.iK..^^.%....H1.q.T...wL^H.6l`W.u~V..ce....r+Q5.-....8.....ff.....P......H..4z..4./a.l....g...$....Yz..ma...."1.;<D<..._.u.....s#.c+..........{q.q9.>.v.._.".y....l.%...i.k.<..._....).ILg.Q.$............$.'........{..84Qc..C3.QI....v....u.X..K...C...5..`.....4....V.X....Z.^v.......7.@...o6...8...vV.f.......,"...rV.G?1..c...w..*.U./.v..6.....jl.C....dXq5!B...s.H.....S.K.@.7)U.\J.=u...Zhn...X(o@Bw.W...t.n.R..+..HA..`.Z..{.8..=)0..F..Za?..e.D.]S.$d..y.pt..J..j....Y.rV.-........L.b.......(|c..M...C.S.[.=.7Nl@9I..4.h.?..~...:"C.DE@.'r8Hv.^QvVs.?'.Z.xE~...4...{...j..tF-.[.g...;.9..b..D...P.u.[.....b.C.Y1....Z..[..6m+.q.. .^H..c&6Ie.........>.b....1.}F.98tW.
                                        C:\Program Files (x86)\AutoIt3\Include\MathConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1460
                                        Entropy (8bit):7.843940581280114
                                        Encrypted:false
                                        SSDEEP:24:Xc/f5+UzCUAw6eRsNVGk3UcTSubloTu6sdqJmlR58EfzMOsEdm5VK4LTH:Xc35+UeUAxIsNVGiuu2T60JQDrMO3o5z
                                        MD5:164E62757248778E758F2C9BD95B4289
                                        SHA1:A995B4B3EACA531B90B49ABFDC403BE57F79E6C5
                                        SHA-256:2A42D0101834FF5934633415C511367C7E9E74BC07938A19E9A0073334EBE680
                                        SHA-512:E575EA915F129FFB9D0948D86555097F0007F5FA81938D1A2A1822D9AEB93E87E686F83D76B834CB7193CFA338656EE7B751201724D6BF02D1650F822016625C
                                        Malicious:false
                                        Preview: .AW...N..b.s..3nX.Y.c;.m.|.. OHs.....j...LaEM.<.F.M.....[..#|d.]....TqR.[..T!.}/......o2g.$\...d.....DC.)..&Y4vk.......;..B TM.DgB.t....@......ObL?J.K.....^5.v..K...6....06..R.%......,..:..%.n..>..Q...N..F..`.q...tZ0.h.....h..vD..$.66...2.`....t.~.....{.l.y%.g._Q...e....B....%J.\0j..'...6G...$.PX...p..xI..;...`.v...R...x.......!...<k..g....R:.qW..+.A.......q...-...WA....e........-$.u9q..=./D....T.U...6.(_...p....l.g^.....%.*b.5v..Ay.-..e.jw.h..........U.../........E0...(.^..<..p..S..;............$.........l.S(......h.n.p.@./>a.>..k..r...Hb$.U...|.#.8,%.:..T..<..L....e$......]u.\..\E..bH..(.}.U..5...i3.T\...)...l..?.6M..-.\X.f...p.e...'..MFm..p.....>.$(Q.."{N.-..<D.....!f.V....+....?.....H.........v...d.B}..x...h(..*....Epa .|......)5.M......o.@B.....i.....k..Olex.-(..}.W:v..;..6...a..[.....,..&.....c.).&3.m.C_.!..F@.|*..v....C\..c..@.T..2o"YZ..XWaq+...\.*....M o..........{.....8......p..u.?.[tv.Q.a.E...E...l......v.....D...4X.t.S5..
                                        C:\Program Files (x86)\AutoIt3\Include\Memory.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):17884
                                        Entropy (8bit):7.990358077576715
                                        Encrypted:true
                                        SSDEEP:384:6pfxnihHUMZBb0m2UcYXRBEKL95lY9tD6Kf90:sihHUaB/2mXRB1+98eu
                                        MD5:0EC017A5D35AC3B36F1305ECF5C49314
                                        SHA1:49B3E61A9C90D1D520FA106954950367245C1715
                                        SHA-256:90CB0EC79B90648D431B7EA9A4BB6BFD1BCDB2204B8C6849B393E111FE7FAE9A
                                        SHA-512:F2983DFCA4EEE5467068176E653865588F7ECFE23D912D368E9115B22C3E3BABABDF641A73109C938AFDF24E095C5789DF1BC762F21C0079EA52CB6C17FA6381
                                        Malicious:true
                                        Preview: ....iX.K..@..[.y.J|..)...A4.QjC...z.S...,.m.^../..6.I-,..-.`mo....m.......w...b.j...l/...M.....g..{...d..IBA.f~....o7.....F8.G.vN.......'?...[..4h.l.r.B..a..^.(.i/..O.......d......r.G...O&I...Rm.h.!..n;.T....`.OlZ6.{.....j.9t.....Mpo=.@..|..C. .(.va....&.......`.. .gD9].stl..Cn.&h...n.+.4.Y.@...+nv..'.=.....>...@..`.e..!."...R..*...#Eh.a..:..:.c...J.#...EG{.V.....Z...?.A.>.C.O.}.M....Mw..^.....f....*....;............r...5f..... ......9.<N.-.+........)....s...3..... m.....u.c....*.iy............$..C........UG.......ql}."...}.F.BX....R.@.W.....n...1<.RE.Vz.).*.=]m.......TH..%[7....x..n...s.G.<m!.........ib.u.#..........@^..T=#TD.^.m..>..(....m\d.+.f.>t.f..xt..g.(..........J...Uo$..0.P......{.....2u8k...a...$.....y......6.PP.5U...8...o..+/. .&..........b*q.2.g......._.x...X ya...P..0$j..G.YB@.N..-...GJ..fx...@...{hk...>.2........$..Z.,.....m}(.G...\....#....5...@o....@.v...8.I..t%.....M....g,p...K.K.n0}......vV..5%y........P..s...$.-V32
                                        C:\Program Files (x86)\AutoIt3\Include\MemoryConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2967
                                        Entropy (8bit):7.935741420302238
                                        Encrypted:false
                                        SSDEEP:48:RlRu5sUT2v2JfzwrWgeRbZ77Hjk//rtvXzSorYMhwyL7NvSp/Z6tYSq8ci:rkOUe2ZzwrWdRbZ7kHrtvX2uYMNvqgYO
                                        MD5:54C4D49CE7028D161C235B0367D16FAF
                                        SHA1:7E5D9B146C1DB9F1B7905C388D6E0DE0807DD4A9
                                        SHA-256:B51B3E0CD5C2E3047A87446A9A9BD70DE8BE01E65B823BA1C359A8E5268DB84D
                                        SHA-512:1F8E62B9E2F488B4F114D6399F69160E40437CB96A008FDBB660FBFBB6126A58A34CFDAD7BCAC561BCD55DB8F41B12C1A3310746C2146B84DA4B3472E9350C03
                                        Malicious:false
                                        Preview: .:.eG+?\.o/...zD=._O`.G..[.&...9.-.%..u$.../J{...`sm&..Q...?~..+K5.s=^........XglA...m.....,.=g#<.Rz..As..-.5cb..M..C...=U.....v.<).[I.....^J>..........*!UR.......+}.]...J.E..M.a.*.d.%vi.9. .'..aB.....K:..7..:.s"].#.5.`.j)O.5.;..-..WM...j.....RH.....k3q9.U(....ci3.o.........E...M. C._..Xryo..-.F......S..=..FQ...........J(.L.....m.....9@..$..k..J.K...qM.M:.Q....m..0...,..M.z..Zo-J.yzPf......_.-...B..o.J.W....XOE.l?.}.....*.(D......f........5..x.r.A.oB..d...$V.-.........A.y..8.{................$..........$.&.._"...j3.t..\..V...].x.Kz.4.]...b..w9~..z.,..csX0.:....^....b..xD...sq...pP5g..vXO...9G...f...Zy.:..D.X\....o.....0..T..{'~l.-.V.w90..4P..gA.$z. .I=..s..Z..B.VY....$..j.G.....'.V.k..#..af.bJ\..... ..>....G].*.....?...@:s.UF.B..o.(.:.o. ..{.k.W.!...m.yJwT../.......w..........$B..*.+.H..%.R1..@......D./.e.`.azo...+poOx...74.U...#...c<...R..gx".._.~....m.z.0..\..P(N.A.V..N _.Y4..V...n@.y...... ...T.kr.}P1b|.._..S.....1..(,....ez..!.)hU.
                                        C:\Program Files (x86)\AutoIt3\Include\MenuConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5428
                                        Entropy (8bit):7.953610702296739
                                        Encrypted:false
                                        SSDEEP:96:nOUzAZUMEputrYXD0s+4mb86R86qKMi2GRYZ9EuzJ9im6CbzWK3:N1gtrYTD+9QelOZ8ZCGK
                                        MD5:C4B106FAE9BB82AE08B71EB19BC6712D
                                        SHA1:5C65EEF0EBD9D2721A9F23C9EEFEDB5491AB52A6
                                        SHA-256:4A6CB78C6C36881E0CE8408AAB598CCF21B16902C6D25629E76A781DEB3B9222
                                        SHA-512:FB261B6D7EA2B12077E13894CDDF06DF96F96631AE1C467A8611203F887D792C914E1A8B81C4442FE32FCFFB8468EC5326D4A143ED9CDB28DA6B2790DA63E931
                                        Malicious:false
                                        Preview: .5.).....p.....Qb7..p..qS....>...27|.=..=.^0..u8.._.Qr.B.P....h...+.....1.."?...,{k^..c.}..vUP.@~...8i./\..ACY....=.I..B%..&.....>b.x.U0.O.P...c.WT....Y.......d...si.4.....y.p.+.y)_...)P.2a.!...9....@.k;..)...I|:1.q..4...v.#3,ff.>.....*...>.l...T......w.V.n.a..|..s.R...7.G.,..Zn..2i,H......Eu..v....g...7.W.s..<.~..'..'......P..|=.._..{`...H.H_.=&.A..B.B..y../.a..d.Z..k/o..b9._.NgA%...B.BS.........Rc...(..z... .Ra+^....%pi...j..8.V9JJ.(0e..2q.......(xc.C....'%.w. L..&._...4.!d..U(:..X,s..\..81.C............$...........n...h.m$}b\.}X.i....E.M.b.....#.Hx.q.N..p.. ..W.........X..j..M.Q.....e..d)...|#<~.S..E..r.....6.DQ..P..-.G..t....+..].a*...^H|o.z........>/.Z..n..`.t..w\~OK~...a..9U...\.N.....^.^[^>@l2.....Fk.GGz?.....?2.s.....74..,.Y.-. ....9.X.C....am.&U.2.T...(..0...l.0.o.B.Y..P..%..Se.T..~o..W....|.......|....;..?;...$..A..o.....1K..\..E.oh.bjP.P.N.oY.%.....F..wE.4Q..&......S...e.Sb#..|W)...,.'.9..V.G...=s...D.w.:...#..=.?Ko....L...(.3....{.T
                                        C:\Program Files (x86)\AutoIt3\Include\Misc.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):32500
                                        Entropy (8bit):7.994577327560597
                                        Encrypted:true
                                        SSDEEP:384:zE7ouJFsBeT7NFFecDPMeEs5DK5/yv/UXROqYuxGybpXiAULeEGtl7DEFHXUG2RZ:zNtBEFF5ZIy3UXROfuxGX985Dih8nlL
                                        MD5:1E1B6A9F8A226BF509F3658255FEC8D7
                                        SHA1:140F8D3B2A255DF7581407150DCA58961C89CD93
                                        SHA-256:30AEDEF7140ADE435A1E139E44C71E25A65DE080A141E5BB2029156BB4EB7805
                                        SHA-512:A2D9609F51915748E64F9C1DD0C02C6227F52DD8B5C14A6116BAA169D242F76A888E66206769A44C8660277381DF47BC0AA6BC2B8F851D6E031F39DBEE6EB7F4
                                        Malicious:true
                                        Preview: W..!.G.x...K..M>+*.&%nP.f .6=2.....u...v#S..bt.".h...X..r..{.bH..&J..$..fP.$..E.8..Z+...7n...h..+.V........a41......^.,."..l..R.u).,@r3.s....ul.[*.Y..}...7..E*...4...M....pYx.-.[....k8p._.....Y.Zb...H..m.[.Y......B..!.#...N....N.Mx.B..V.b.....C1t.... C&^.h...b\..y.K.u.?>....+.=.........q...p..W.~#.K.jE;.3.H......$fS...9.Q..s..~...0..t....0..%..Oj...b .cnS........_N...FP.....%..j.`..8..=..k..@O.-.9.w5.O.....x.D..v....Tl.....L.L..`W.!.y*5b$;W..8!`..>...U].t.dk...P .5...j.E....Y................$..|......b..wn/.wPse.j.zM...z.....:.......ij.3..~..n......S...+#....S.}..l>..U......RP..V`....*.x...q...:..X............>X]s.h.&;.;.`.x...W.KZd&...4.M..8..q2p.Cn.. ..d.:.7....t.<U..~{5(..@z.....uR.t..v...nXd.iG.T........`7..GzF;G...B..G.X.._V.Q..kWP.........r.....&0....N.n.Hyl4..}..I../\=Wu&..hG..._.]..Il...rIzY..t..3.|..}F......M..r..h.&M.%............v...R...g.&....o.^.i.|...x..#\....+A4.s..........Y}...\a.:....r.~>.n.U......4....J..../....b.lh
                                        C:\Program Files (x86)\AutoIt3\Include\MsgBoxConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4654
                                        Entropy (8bit):7.955884802340328
                                        Encrypted:false
                                        SSDEEP:96:Ui0d9Gg56u5Nc/M1Qyw7V9RwiWFh02pMNbXxYwhU4ym4Y:UFdv5NcU1uV9uik1+bhYr4yS
                                        MD5:DF23785AFF1ADCD842A459434F70C55F
                                        SHA1:5CE882282A88C262108D1945DE64D640C792A455
                                        SHA-256:81633668B767241E2D91962C24AF9C7C0BA8F4246EFAF368113577452AB9E350
                                        SHA-512:5BF6E039904C98F4AF8715970A73C6C7964FBF6B4D6B04A4C495C07B2B88A019C2D65DF3D438B32F9E547F9421F05DF7D0E3E8D998DE5147884CF55360126983
                                        Malicious:false
                                        Preview: .9..FD..?o*>....\..X.8[.=.l.&..M.......<SF."$V@.B..t......7..M....R..H......B...(.rc8.WV..l>_.k;.S..v.hA.&]..l.K..&.....r~{.+&T.1..;..}.Q".5...?.x..>.1%N.*Wu......Kt...2..7.;...&3.>..:\C<...wt......h.J.n..?.dDk.0..v.W.v../.<.MU8.R<.....6.-_[.".3...B.8m....-.z.9.@..5}......m...Se.e...J.7....%...M....[S.f.C9.~.a......W.k.8..&...t....[..C5.....n..%U<NU.'.c^X..J.:d.'......NO...CZ.#..Y..'...6..>>R.-..M.v.o.0..<.N.....CG{.st|.....*.}......u .,...4.f..H.9.Z...7j../..(.)...]G....../.n..............$............*.2......_..g|!..|.u..n'.n...d....v..X./...../...@...L..J.}...{...HGydJ..k..BU......o...B.R.Q.]..;..PU..k....9...X..>.b.(HT....f&.......c`..q.^..J..B?.G|^T...+.F..i.....k.h.\9.."...gl.pF.V$}vg.@7.#..5.....p)8"..hu.9.Y..=Q:76....p..].Z7t.I.x]..:.=.u."._..#..8..e..@.w...(Z..j..o..R..+.%..Y.eR....Yl.r.....:/..x.....:...~....v......2.1.....Z~.[(Mbu.C.*Cb..#2.K|.L..O.......>5V....?........Em.....W.......i.l.....Z.I...........Ni..&......
                                        C:\Program Files (x86)\AutoIt3\Include\NTSTATUSConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):241208
                                        Entropy (8bit):7.999238511017548
                                        Encrypted:true
                                        SSDEEP:6144:X1ttEePk5RSMjW6h9c2QNUvFqOQjedltKYa1D9E0qru:X1M8mRSMjHh6KZQKVK7E0qC
                                        MD5:2332BFB27B04E217E1F121C1B0E0C5F8
                                        SHA1:5BB3B65DBCB9C9CA6419875041032A53F051E84F
                                        SHA-256:F9982B346BEED7E48DB27FFDE1D34C1F9543C6C9B7D07EBC37EF7224B10D38D4
                                        SHA-512:6E8111D95A319E6599F509D9350DCE2BB5655FFDB3E9CD73328397B4DD2A994E11F257B925EB4C6F7BD82F346B31165F66089FD6DCA9E6B0B6AA0C5C7C484E52
                                        Malicious:true
                                        Preview: .....V*.~.. .|.B%..W5.B..Z.(.l..`...j4.x.i..6.k,Q..../..i....&.....A`.[B...!...E...=r..j.9..0.....#....5.E|Q..e8|...(l..K...............z..\...d8.2..]&.T....v..c}..$.. 2...~...I..m.:.nk.....FW>Hu.aT.}.].e..'..h%.G5X........Z.,.!/.....................:'..(.>...(..yt......]..1.&r.......#@"..K$.=.'.6.I.>-"?_m>.]+p... ..nJ...JNf..>......~KjL...^'v..yf.{#.y.q...\.c.....L(..9>....oBK...~.r.#.....w......I.o..'.Y....z..o..<.3.&.....S.*b..K....$..&......Q...K...p.F.......&y.K..9.p.a.a...i.v'.^.O...r............$."........r)...h...^....b.9....;...N.,gG.* S1X/....|./.6.."0F.J........Z.*.q.O.../k0+v..Qlg.=...U4kE..l......+- .....%cH.4ir;.....e..K.x........@/3.ry..rR.9."R...f.....w.SZ....).H.e]&..'.K...9P......cS%N0.1u..u..H.y..B.ZX..@.|s..up.7..z...h.x.mN..l..oV.C.&.'.7.....3.Wc.....a.c...z.\...|Z.v.wc6..fg..8...5..r.....M.sU.A..D`..6..<..3.d3..f.N31.?.....O0.=.....!..6..........p....&,.oJe..O......`S...`......5G..u.A.H$.d....m..+... ..qG]HG..0...?V....
                                        C:\Program Files (x86)\AutoIt3\Include\NamedPipes.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):14559
                                        Entropy (8bit):7.987902745184464
                                        Encrypted:false
                                        SSDEEP:384:6W2TThvmjiEWncVOVy0fLEBQxb3S0oGRZl:6W2HhvmGTnlk0zGexnDl
                                        MD5:49AD2952B291462D0FE59912C867773F
                                        SHA1:D4F92610756AB32AC6E2CE4F995E214496469980
                                        SHA-256:BFB73F939CC7BF07F77D320AC76847749E0A1F1291C6A8462B874CB676F49991
                                        SHA-512:10CEC12593319B96277D2A1FC566352228A58B938EC848C6F9B9644D1A4B171EB49BFF57A06325672DB51FE084CDA24A7FCD4D13E2CBB5C0BA1D7251605515E9
                                        Malicious:false
                                        Preview: .V$....%...Ta3h."pwV.c.....yKD..7.A.9.\.Q1.....C.4..z...<.J...2.us.....~."...Z.\Pd.?Vk-aY.kN....j+...{.P{dY8Z.....44.............R.`..~.]H..g..t.#8O...WN.laX....f.._5..[.MB{.....WRl...._9...u.e...Z...V.....T........}.@.@..*[..V....@8..)I.Q...j.rM.73.0......^b.#..........L./n.U.f. .%v..hiS.......'e...+.Nm....13.'....R%T._w3.s....Q..E...%.....m......-.~~....Mt[.......Ic.i.&.}..H$/+.....7......w......../q......\.....TI.n.....c........r...".z.%..........]...3?.S.z.!..t.Iz...............$..6.......+..x.L..........V.j..N.8L.,.d9....y.8..:..,-..qb.L@....G>....S...d7...X..\...;..._.,.I.........a..i...-...P.Lf0.hR.Z_.`=......:....W{S.......^Gj.?y..q.......Z..sN-R........[...Q.O.4N.<...V%..G.i..1;Ne.D..<. ...;`....5=...h..1..l..}.1p..bk..8..B.6....x.V..*.,Ov.=...B..f^.....#e..{.i.Y?f2.Y..)D..f>.(...N...\Vo.U.UBM..zt3.h......=..7..+R.")f.qy..!i....k...1.yN.m.:.e...%...".|&..[7y. .af<..\.[L.. .o.R4G.......e..._..F5.V.&.xf.1...
                                        C:\Program Files (x86)\AutoIt3\Include\NetShare.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):46341
                                        Entropy (8bit):7.996146135890159
                                        Encrypted:true
                                        SSDEEP:768:I149t0U1SJq2hdSau5zUn8Oa+UnVXIuwwY7B6x4EXeelEgLHiJzKbcGbQ4N3DCy7:TdAkESau5gj9Un5Ihw+6xnPEgLHia5bR
                                        MD5:3E8BA3EC129832CB77C6B48CAB4C1F27
                                        SHA1:DE5382F10DF9DA222A0364FD5D730755700FC8D4
                                        SHA-256:3FF7CFE1DEA6EFBE1CA7801A74AFB1348A3A2184598BDEAB4C5FDCE351585E6B
                                        SHA-512:9B0909DEAABAE0464E0245304A7B9A8AD87DEC4EC599890269E7E32AAFCD7C79F2BA5C4988F94F82DC7498C16CFB9986E793EF546160F433F55703EF58E910FD
                                        Malicious:true
                                        Preview: ..1..n..P.p...7A.,tr.....r.......(.~S|z....K....Lw.cs...6%.fS..../ ..yL.~sL_]..k....j..\..........[..s.C.*......'p......Y.u.......u2....!.........F..SuL..&k6......H.'%.B...L.:...3.J.KS...^.th.......?f.b...^...=.../.&0.qE...#.q*=.*..GP.*2.r-.K$..=.A..././....KH_.f6.z'.@ZnL..'.M.M.z...!.#.......,.q...`.c..nU....u...iM../..SU..w....l.W..HH..]H...R$...&...J/...^?.Rv.=.!\.=< `....0.O.gsy..b;4-<...T...6...N.r./..$a..&;.....^N.%?6..y.uS...$...G..u.z..........Y....Vi...j.{....^....c...?>..m............$........._zz...@.kw..q......`0...m..|....W.D....)x^9..v#..#..]$.=..+ErTV.......R.....>.?......4..H...u.~....^.....Skm...T....}....A.cx].N....zt.3.....?....n.J.u.G....L....#BlO.lg....}..F,..H..@..[8^.7.mPj....]..?qc..z...u....J.8....-..Yo=H&`....4..@g.,.<^.w..>.`.9.j.....^....O.3qX..I.nw...'S.d?.V......6S|.....Dm..,.......v..Z.R...."}|..7..Q.R~r.>u....?..2..A.r..{.8 .....jV.z%.|...6f_tSR..^.!Q....*......\vD..^..x>.fk`.a..>..h./..*J...[........<].zK...
                                        C:\Program Files (x86)\AutoIt3\Include\PowerPoint.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):58251
                                        Entropy (8bit):7.996790243541492
                                        Encrypted:true
                                        SSDEEP:1536:Q0g4ZIsoUvuDSpEEcZ5icU72JrXOfpMUykULKmMs5lb/oG62O:FbZIsoXDmEEqgcTJrcMUKLT4G62O
                                        MD5:FE3065683DBC1443B7F58D5052148AC1
                                        SHA1:9A31B65BE418A0CAE75E2DF97934499E6FE45437
                                        SHA-256:717907D2085A3ED06FAEB53C8E09887B7F765B168CA11FE3299621F839490175
                                        SHA-512:55A6FB1B0C2BE874889009EA9C7A39FF951412AB1CCA7C2FA08698BF40D17CDD3EC57DA1FA2FD04028972432C59537AF2DCE6FCACC4B355E08A2DDB814560617
                                        Malicious:true
                                        Preview: .....XH.;Ym.R.........JM....j.)zj..x...?......E.,....ra._.U#w......B'Y.....;.u.......7...(.5.;..x.3.h...#.f.b.U.....8...6o.9..}......8N.....w.....P..N.\..N...m.|.mL.xD.>.3.."..Y...R...k........{....:q.O.Okh..1..*.%..rb..-o7..............'..*d.<\.L=...q..G..<.o..:.F.ou..R..>.{+.r-..v.........>T..8...3T@+...d...;....%.=.....X.j...W...C.%...6.J.+AK...8..<.........A..I...a.......4..s....t...@:C_.....1K..[..6...U0^.8.r..F..Y.....?|...D.....u*[.]TR...;....~..3..8.8......K..../.#.'..............$.u..............R...BA\.O...X0..#/\.g-..K.b'U........>Rc.'.....l..(.;..LlRg..Y.=.H5.LL...'.J95.@..47.a..9.,...txD^P.;..G"...Y.Q`.4..?...3.N.g..J...D...U..Nq....'...k@0.....q.(....x*..z.^.- #N.46s.'...2...K6.....C.o.VX.AKh..s.w...........}.p.....`.!......*...........5.Vp..#W.`A.l.C..Q.1...p..{..b..r.d`....JD._M...q.G.Y..\...k.G.u.....9MeT.B.Ee%.E_.L..%..M.;.....g*.m.WZ.M)..%Y.r.$8.S...N..'0.YM......bT..2.....'....\..j=?#...V.~^...._.bv..Z...W..#..\!..#
                                        C:\Program Files (x86)\AutoIt3\Include\PowerPointConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):7695
                                        Entropy (8bit):7.973219803836402
                                        Encrypted:false
                                        SSDEEP:192:rT9yv+ALW9YmpPEm4QT3x8LtZwkdU+00lSCy0:O+I4Y+TKEaU+dly0
                                        MD5:90F96DD3651E90A8AA41A92C386A436C
                                        SHA1:D1F53D306E25E451E7B8241C0814FB0F35C4A879
                                        SHA-256:1E3890847AE380C057493940E400A418AC44242BE0EAF77CEF5A3189670BFC3B
                                        SHA-512:99731DDE16AE582F496CC26ABC15B171E56678D828097DC83C5E76B4E56F36903BEBB553EFF424974CBD8490C8F52B31789BA28FEFC65BB87ACD146BB0BB5CDE
                                        Malicious:false
                                        Preview: M%.t.......e.......`9]yx.....::....S...}c.....@X.Oc....._.I....j.R.q....N..Q`*>....Y(,..#Rb3kF.....K.....d..k..>.l.d...C/g.....U...H...'.AhAX.R7..N...p(R.n..O...S..'....%.<.d^.".......oH..y...z...*..L..-.Y).o.x.q{.Y..$=...9.L?...(g...v_G..........C;..G..'........1RBJ..'..:GZ...1.8.....H..'...Pjk.Gg..../...2\.LMS.....0.*...k...[b.J.g.....?.....4%[.[.v4.~......\..p.o.m.+..oh+.a/+..x.D......7..2..[.....!kf.p.........W9f{]..h.........wp...)|....p.h._..."t..7...4.9!...|.+}q.0.L.2S.............$.........).y%j..L....\.G.'...t...Tr&...e%;{.H...O.q2A....R.......zg.'.1.#Na}.i....g%......Q...jt.v..<.%..`.!.,....!...Q..]vHh..^.B.....d.h.4.;k.=.^*.*.G.?...!.n.U..0..K...E..A.X.OoP+...".o*L........I.......P.Y m.....D.\wJ...VH........... :6.%.D.O/....~>....<...S..4..`U@aGwD/7.........Jtc..C....2.........#..U...+f...'.;..bBN..........$.:..n...Tw..;.8yT...4...`.....k.........C.#./F.R..&.K...".R_I B..o...8g.~..,'yb(..T%.$.D(.P.,*yNjj.8!.....9.@Z.#...$.O.{.
                                        C:\Program Files (x86)\AutoIt3\Include\Process.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4355
                                        Entropy (8bit):7.956309061614152
                                        Encrypted:false
                                        SSDEEP:96:hV/zePDCXJCkH0ymVcD8R/67H3DMV6Wp3+e83ff5LE2jnlOx:hV/z+DCZHOCDh7TMV/pueOHox
                                        MD5:6AE66DB80788C7972C3469AB38888CAD
                                        SHA1:096919A92BBC8B219AEAFF64B8A8D5B23F74DC72
                                        SHA-256:32FC8D611953B0B6A4496BE7D2486D532E3E068B4B381B2B855D86014A029F6A
                                        SHA-512:73B2B3E11EE91BAB5808D2AE517F147333EC836AF76247A7A035C3A3C4D15793D54637F3744968661430B3F66F3DF187B1C2FCFBF835AC9CE520A3CB454344CC
                                        Malicious:false
                                        Preview: ';....I].qH..X..rw;X]..Hk...}....@qz5+...&2..C....6o..X.o6.q..W...@..f..../.D..,m".q....cK.i....}.../u...WoO..+....rT....k...+_<Z:....kvl...g...@..........1\.@.X..z5.I....0d..1..%_j.th$..'...i[...DCH.....W"g.z.._l.V..<..h...JP..R.....4!7XOJ.N..6.6.[b....8n.;....u...Am0..ERD'<...C.Amc.]%.....Y..LL.iy[...9.H`".<=.J..mT...L..G..D.s|-..G&.....=....e]d.....2..a(...P...f..&<.}(...J...m...n..bc...m.....#.&..fw.|F.P.d.hv.3...(......L&..%....mIn..d#.7..S...~.9......_.'..i.!.....p............$...........d-!.^...O...A.%._.....|.kB16f.8..%H..#......$,O- .K..o...ws.x...r.........9.....W8.....HM'.JB3.pu/.Y.%.o)H.`.g....|..M.....D.'TRri.....=9`..$.J.N..<W.0...0..~..!&h. .~.)...&....t.ub ..,..K#..x]..7.(S.i...M..3.u[f.7...h....R.>..h......G$.1.56.Q<D.....6eg...,^T....?.z..&.......!....MQ..L.".QD.*..L.h?..ykN...x.;.^9....[...fx.'O.+..<|..x..-a.......uj...H.A...a.)..iYE|..f...?...g1Q...=e.....#c..g:w...~Sk...D....."a.t.-....1.L.....Cl....
                                        C:\Program Files (x86)\AutoIt3\Include\ProcessConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2003
                                        Entropy (8bit):7.90106821896385
                                        Encrypted:false
                                        SSDEEP:48:dMQa4zJ70FKXA48Tpa8j3XCFTcApyjF5JogXe451AybjT9/pdXxq:OqzlVETrzXC2AyJogrR9nhq
                                        MD5:7C5482197C9F70AD23C83EF83D3E4506
                                        SHA1:97C6CB2E989A13AE8F224830096DE7E68105B940
                                        SHA-256:E3F6DCB3DFDA5DE7F05A8762E4DD5478771479434DBCF69DF4F8FF151C9E7281
                                        SHA-512:651645DC48DCAF0316844C7D55E00EB2B1EA1D9000F5826CEDC7F09215304FB8AA4C34E309F4C54D351FBD4B58C17B0562D5D45BAE334D0F274999E6D3B006A3
                                        Malicious:false
                                        Preview: y... .q..j9..`.....A.j~....a.'..E......w.|'\........:.d...........0.J.(..n.6x0MRT...hf5.3TV...4..I.A..g%.tx.........6.k]..;Byy.h.'..%...).3|..R..m.l.t.U=....y.....)Ak.Mi..N.|.....I...*G@....o..T#..].20.@ .?.D.7K.n.p.Rf.[O.....L-\..)...WI..3....pG....H............RE...7H...UR".......W.`......[......x{..T.*;(..n..;Z..^..SKN8.-../bsd..6.IY..-K.}...h....t..._.Z..#.?)DA...`..En..I............pi[4.....~....!.np:N..h.....~..v.?.L...OF.<.......C..f..f=..\...Q........=&....;..mRNo.z...g............$.........T..........I3m.r.....w...g.e...ES:.`b...X..H......0...yC....u.&...>.h&......d....I"a...(&..."....+...^..F.'....w.X.....Sb&..[..........p7"..V!..s...JZ.......k/Zl?|..p.^...Q"2..Z.U<7....c)WIwn..t..o*|(..g|[....=..~U<_~...h.a5..Ye....`.........5..5.79z..Y..M.z.T`..m2m=.~3....A..P.!v6....mS..Rzf.S.Z.5...nr/....D....|..@..XE.$V.&..~..Ei..."..w.4+3......8L..x.V....x.\l....gA......Q..U..\r...>.....{.....[......,..v.........&.R......p'....
                                        C:\Program Files (x86)\AutoIt3\Include\ProgressConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2601
                                        Entropy (8bit):7.928774497603537
                                        Encrypted:false
                                        SSDEEP:48:qDYjQ+6ZyVETboKWg55M5kBdpiF8IvwoXg3jDcjm3H6C+9cbH1pY:qcJwxL5tDQwocYjeH++pY
                                        MD5:BBB82FABD75201B908DD377B66C1E906
                                        SHA1:286D657D680227979FA686772A73B0281FCBA545
                                        SHA-256:9404DB02906FD12C41F2710F7924E736F3D8B62E11EF8266E1F565D0F6B014E7
                                        SHA-512:BF8ED36941061001C5C49E7C1214A198A89DC4A6F9F89E24D9F8E11D4643CC8812168F4D57AD71485DDBFF34094F62D6DA10F0D61690EDA8A076D084841525F6
                                        Malicious:false
                                        Preview: )...|...h...>.....PlsJ@..M.C.#;..Z..b.....K.....E&....WDw.:."..A..*..?"o.k...%_..C......$.:.ZK.g..h..T.|._{.nU.i....).N....K.....m..].]B)..C..8.\..E\.S...X.<.?T..=.5....F..UnG...V.5ra.=.v...}...H,.vui F....U.w?l/...............B,.5..>.;'..U..Q.d.vF......gjn.....Q.....i..$k...|Eh.......TAm..mX3|.<...M...A.Vny..QX.'....B.%.B$.0....F<..s8..C...}q..a(.C..7K.u.......j.XV..?.,3....AAV.3U.Pa.W.4T@U..,..]...p4.....Yi...N...v..,P....s.+!..[\...fk.>..aK~.$....2.S....A..L'}.L.y..GZ..#..^...9.:...Z..Rz7..u............$.........s.kjvy.j..CCK.&7..*#........Y...C.l..{_.....M.]..l$.K...p..s.......gZ\...lS.. ...kF.F.^.9SNB.eM._D.?.f.....K..\N...?|O.....N...R..H.zIU?n,.M..P*..T=O....x..Ow3..k)..."..{w...m...jV..`...........b/\.X.......J..;w..;m.C4......n..$...}8..T.f2'.*]..^.../.R=..t[.&.'..;.(.t..%w./.Q..@;8.8.....b...mV..f)..Z..x..l.S....@.;.s.r..x..j8.b....2....P:.XQ.......Y...Ie4.k.H+..Kl....N.v6h...V..E...k......WJ.....{.*..u....."y..u..v=.\Y..z^..|......^..V..g
                                        C:\Program Files (x86)\AutoIt3\Include\RebarConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):6953
                                        Entropy (8bit):7.9737541702568295
                                        Encrypted:false
                                        SSDEEP:192:II8TCWtNdEtYfZFmGJLOfBipvucKLvktbv6AWjhmv:II8TCE6tYdJafopvpKLMt76AWjgv
                                        MD5:406259638745531C8F1E2E39763C0818
                                        SHA1:6DA3DD4A98331CC18668B5B9AE2587EC49F4359D
                                        SHA-256:E09742B7F792949ECF47955205871196A1CB07AC03BA2B0561FD214C5495FC8A
                                        SHA-512:13B322D372EB54C3D6D8FE2F5BA164F091D202568883C0352BB6299FEE6FF7E111609B082071BCE40986BB1EE724A2DB4A36A580A889A99F9E3FEB16A7DDA8B0
                                        Malicious:false
                                        Preview: bg].CC...N.%)..m..w..X..Q.....$...v^..J%k.aB9...$+...[..P...v.iN..U.;..h.W.*......M...oj:.E..7.....Nn..zV.8.N...]..T..5...2k...ix.xc,.b{g.^]...4....5BN.#:....U;kxq....mt.B...O.w5...iM......c.(.z...(....~...dLc$c^,.z.3...n.....#e%4...H.W.l..Z.n,|......y.|r..).e.#U.u<..`......H.f..^......d%f=..Wg....}..&......q.?..:}...(T..T..Rb.......%]5..!.I.*.....'{....e...t.B..`....c.h.I;...z[..5...l.t..MJ.Gk.{DK..*..qL"....Sn..+B..*...7Ru.jZW'.B..OrQ.B.L".[.<tm.r....}..Y$.+L..4..81..!~.!.j...'3C|W!.............$.........8.ZI..fb..V.I.......'...\3.....2.....D...>.s.. &......t....`....`.....T..B.K.3..^.0YI.x..%D...C...%{..4 ....rT^....:&ng..`S... ,v.U..w..{g.x...q..?2.b.OX...o...v1.X...G..S..0.l.9.s?.dQ,...Oa..xTz........y.....}.t.Tq.m4....W.a....:P'*.....yW..c.^...fb.7us.....T7.L. .n..o./...\...c..M....{...=w<3.N~..`.N....p..Jd7....)g;)A......\$UB....e.~...I.n...{A.....%D. T.xq.?.*....-.EM.....1.......qg....] ....1D.p.`#.S....0nt...).x..Q...o....0..:..>....K
                                        C:\Program Files (x86)\AutoIt3\Include\RichEditConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):14909
                                        Entropy (8bit):7.98914765237436
                                        Encrypted:false
                                        SSDEEP:384:lAOIU/zEDrdxehQK4ZMT1or1zT3v7iRqhX00/TonIvEOhXOWftfyCb:l5rEDrdYhQuRGf7kOX00/coEseWftz
                                        MD5:D6F1B557DD858BADA90F798658D26DFF
                                        SHA1:C30AC96579FE7FA9FD1AD4838B573FC7776B937E
                                        SHA-256:48A9C30DB5D6707E578C2B35AFFF5E0DEC4186693D33FF5B5999C53C04BD7629
                                        SHA-512:94775956216FF30011AAF43BF5C19752749305F588C736F0EBD35CB4DC5967244C187F3755AB1F75856B5C4C79578BA79BAFD881FE50FEB983FC6FDF0D0A957D
                                        Malicious:false
                                        Preview: ..V..s.<.p^.....j.-.....aM<...D...gcz.l.....YnF.H_...W..p.......$..2....|....\...G..Q.Y...`.ZW......mY..IY.W ...Ys.>..H]+n..Z@.....y.@....P..R.&....-...?$.'F.k.t.MqV./..S'...$n.B6."O..\x.f.a.R`..9...c.......<x*.2 ..R.....~|U...u..7o......k..Zx....M.q.......&..uL.O.r>./.......+.'.HX.q.9.q..@6<...Cj..:.P...Yr#...S.1..D_i2.......0.1/.._...6.f.....|,.*.. ...8.V-Gm....`v.aR!...-...~.....k44.h.E...x.........3@....,.r..".`..%..c..*.....sU=.j.t.a4.."..l.@....<..k..f....e...K.GC.`)A....W.wR............$.'8......3K.....`.....I..T..c..9...-J.H.?.>..,,N_.5}.Z....5..............WD.+.......n..._.......9,..B..9J..GI(.tQ..3F...Q.G.E!..A.<........m!...H.";..d.........O{G/x)..Xz.+`Y..H7{.L;..w.*..V..B.?.Y.3^...(..R...A\.Q.N..3gU...j.2..........x?.......p..F..l.-{....`E.0......(k..G..".W./.M.8...j...p...@.b.&.Uy..|.C.....R}....Y?.....>.Q-.#}..x..T.68%.........._.*.h.y...1..~.A..],...C-#E.4..AD.=df..v9a....1..Am.?C..'.....Y,....F)8.....:..zo.C[...?..d.
                                        C:\Program Files (x86)\AutoIt3\Include\SQLite.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):57135
                                        Entropy (8bit):7.997264354762325
                                        Encrypted:true
                                        SSDEEP:1536:w+JGncGdDnrwZmiB/ckl933XZl4NcpSAvAxN75X:5JGn3NwZmq33XZlWUSUI9
                                        MD5:CA7B30D57A61FA8168F6EF225E493740
                                        SHA1:550ADCD7A8341475FB07C89E1403583FA8FD129D
                                        SHA-256:D6DD5D1046A652B69A0495CBA8C4520FC5A9A94B86983C7C76A36363F412BCC9
                                        SHA-512:0F3ED61983BB86600858AF7A447341E14B602F7095A3BBE689A4D31B82615F263ECA45223300A5BF3FC8395AC92ACCCC7117265A1E49FD5183FA05453B4CFCE7
                                        Malicious:true
                                        Preview: .QKF..e...I<.R..q>J5...X1NaY.`.......-H.n..Z.[.H..H .....o. $3.....O,?.e{z.j..o.A..O70....ugk.K.3.J0.....Q...V.l......V.2..Tk?../.muE,|.|{.Zq.vO[..$G$-'.B//...Md}..M"..YEA..L=.Y.&SJ..Jw.2...n.4]....Q.5..f.N.......^..I"..L.].....+t.t.......AM...qV.#.d..v_4...U""...Zk..5gWT.....2I.]|.*..Ha{...sA...)......|..K7..,..6d*...V..J..EU..M.(gn.y...pW.A..c5..h.UMW9.%.C..nu.te:mB..S.[.^y.E.....p.c...;.x...2#ix.2.itu..f_._.5..*.ZC..<..qc..U.#EA.,.EkTB.....7{...T-.6.?{.G.5...'....B....:...AL.EL*.'...'............$.........zOc...u....`..I.i.K.t...Gx....V.d.G...g.).H....\...).j.}...U-c...q...i...>......M....Lre..o..[.i@z.....h.MwHQ...f.U._rh...6...f.......0.<.?..O.(......h.......D,.{.9....~P..@5.....%.3<..t~..T...8..z.QT..{(.MK..gP.k+r....OE.........<...7...X..'&...P....4..W.+.o...._t2...|Sh.!..f.M...W.S..=j.. ...t...6Vq.!...`.L......ba.gdDvo...m..wP.e.......B.`8m....,e.....?_.r%..L..........("v..e.H....EiD6.(....Em.5..v9{Wk......:^~B..rw6...!..r..........e.1......
                                        C:\Program Files (x86)\AutoIt3\Include\ScreenCapture.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):11563
                                        Entropy (8bit):7.9835815018565865
                                        Encrypted:false
                                        SSDEEP:192:e6ifITg/vN6vr/lZPwYT+zEELbT7/ha9LKVnz6D8XBQ3R:VilN6j/HvbELH7/hoLB8i3R
                                        MD5:9193179D969B7B5B30DD77A8D1305BF6
                                        SHA1:281D3448250AC6AD7CB83296124E3A52F9811DF6
                                        SHA-256:82541CBA88514A0112125224E519165B91C40698E63A591D60C5508F45429AB3
                                        SHA-512:7C599C7B5E01B00B0DF9E4FB7B1F39877C639AE7EDE47E0B6356A4F913CD65846840B6515973FE1EF1E1A81D57153F70160FA122A9079CCBE39E5AB17888EA56
                                        Malicious:false
                                        Preview: $.8M...X./.N.l.8#.....?pe.....7-..b...m.k.(i..F{.."J.R....(A'WNg........m.P.;...[....].=..uFE ..?..'..I.!....w.v...i..L...]?.....*F#..>i..[e...k.....\>.Fd&.....A.P.L..._M.GY ......n.D.DC..\.;.OT...I.N4....X.]....w-..:.^N........n.vk.ee./r.0*.V../.w^..~.?j..vCj...f.".......C...\...!Y.L...a.r...%..V..~.+.i..z....Q..i......:.JG^.l...1q\.#...)'.A:q:r.....dE.dO.jl...i1k.....h4.G....&F..$..V..U..*..r.O.5m..Vj..m.<.*k.T:..<d.....X. ....9p.e....).Hp..fA.b,....<. fk........X../;/.'|....w.4..B............$..+........+n...X.&7....\..oK..N...l.pK.e.c..l......n..A.%.D..0........w.H....j..P*%.3...1IX..e.W.DM.`h..........,...Z.8ow5...i....".....Y..@...w..6h..gZ..|.Jp.7.j..N.....v"hGH....2a+B6ftt..1..Q.t.....9...s&..S.z.$.Kv.*....=WN....yV..-.4..rp.j...T...i.{..j..I...uM...".T...].U-..^.nZ.q......3y.vdV47..e1....=....[.^L.oa$.^#.|..h...<.}B..9.QR_V...D.Z.o.........yc&...&..Bo...:..|Ek.@.Tb..]...'....i...)Ym...u..>..6.i9.q..r.'..wu....@....G...x....1x.?V6.s....
                                        C:\Program Files (x86)\AutoIt3\Include\ScrollBarConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1032
                                        Entropy (8bit):7.78884628824449
                                        Encrypted:false
                                        SSDEEP:24:HCnMAelfHWfmVu2d6GWfhn1bhsV8jYoj8ZeFSTeuj+Yp0BojFAM:HCnMAMPWfm3XA1bWqwZeFSTXj10B/M
                                        MD5:D4FA4A75356A1217EFF73DC2F98F2890
                                        SHA1:ED4231AE91C95CD90FA5E6FB2A397F80AC4A33B2
                                        SHA-256:E9CA76AE3A50AC2FDB621D2A1D862F0F01529D18A63B830EEAA6F02C3131F6F7
                                        SHA-512:7893BD925D5D8FE3E2EE2256CCDC50A5C090B3B5A8B7BA970BFB3FE609BB70C1E50499FF821AEB6D3A787950691587BBCAFC87A225AF1E711CB036B672F894E6
                                        Malicious:false
                                        Preview: NO7.|.;/f..D>......y.j...h[F..X~...K`.@.$kT..L;....c.(...r^..f........r.......%"j..u.......oU...6..w.O..@.........N.....5....K.tA.X('.';ka...G...3......'w..}...$....q...Pn..Xt...._.;..^c.....l.."/i.<.^...=N.=....(f..%....9....0b2_,....H.7.Bs.....w.].A .04./.I../.\.YeG......5.....g..^..../.UHS........J5y..........X...P.^... .:...e..m<.EUmC.......$z.6.y?....BF.]fSP.!.....OU.|J..~..G.....j.../...6j..;.z.:.w..u#.5..|1a...cl.-.-$..9I.h...0...5X....)0..-.)w,.v.K........1Lw....;.|OZ..2.%"...&............$..........4)..W.B..`t.I.Z;.B<#.4..}.^....&.:;.+...Rj-R.U+9....\;W...>.|9.b...&fr....PNgj.@.1.V..Gv...ry.(...dQ..r.`O..,.s..%.O.#.AK..W..4...Ro...O%i....0T0'..duw.....OK.W..}.P......4.j..7o..D"..&..'..I...3.........oN.:..`qP..s.\7.b...ty."@1>...z...E......=.~.0.$y#.......-.h>DT.J.i8.D......2Z...P3....%....o...t.z.H.%`rV.....J....j,...........w.@.2....W?..O.Z...q.4...&G}..k.{.......`...pS?h.q.C.#....r....dM......C{.B..G..Y.oZ.z..p..%.KW..Y......F.'L.L.
                                        C:\Program Files (x86)\AutoIt3\Include\ScrollBarsConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2495
                                        Entropy (8bit):7.90533193432466
                                        Encrypted:false
                                        SSDEEP:48:XqQBo3NksDEDNpXe6L6kgzn1+xuPuuO2VwCqYhEiJnY+IbUx:XjENkMune69gzn1+xuPuFMBZnYjUx
                                        MD5:659FC336A3659E349EF72B22A5B76003
                                        SHA1:7183488A24B891CC47928604F6891FF60F388A92
                                        SHA-256:C0E0F321D41737840A3F87E1C231362978DD02A4E2AF8C0DD314FC838181FB64
                                        SHA-512:84B0A6575FD56403991B8684F81AB5743FB905EF1CEC3FEE0BAB3FA438D837B1CEBAA5F1E5D8501BAD025FD55C7D823F013B185EBA478817C5F0F6367A1A3758
                                        Malicious:false
                                        Preview: N.../.....{.....e..>9.6.....t.R....5.>.2.....@&2.o,.....>#/^...L..c.g......ZK*t[..u.....JKt.}.@$.$............x.mNe..#M(gO........mH.... .h.c!.N..?@....4E=.`..N6..g..e7.....n0cN...q.U.hP1]f..)(J.._%.C.`3B.x....,..g.....E.5d.%.&.g('E.....e.g..;.7.mrN...^..7..;...=wq....c...9]K7.g..:..oz1.0.u(....w..D.. .....).....D.yKx.nr.7....*..q..B.+.=.V.y.Sb....\..S8..g....+.^g.c.\...T9r........w.I.a.^[)...1........._*.\.W..ru.~...Z.bt..M......T4..`..B..a\...Y.k..Z..(hD....Wq..mO@......m@............$.........rD.....3...mn.Z.,.......}..~....b=.ZV]m.nl$..X<..?%In....z.{.E.k..n.%K.+...Wf;{....1.R.6%..'..D<I.....'...1.@.....V#...T.i.t6Y.K.b.)../{.....d..]....b:......:pN.4.d.Xa..7..q..].e..l...8xZ.g...+~..,.Q.Y&.?..",.[...$4..=..L.2.W......J.H......9.7UT}..$1f.{6u.r&."..v..Gh..F..........$.. ...4....^...g..n..y&p.\g..i.-...f...M.+@.i......".m.(...&....#.oy*........>....L.U..P.....`F0.1..Z........../+J..K..!Zj"..t."=...+...'[..v(p...J..p....n..I....s..Xn...
                                        C:\Program Files (x86)\AutoIt3\Include\Security.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):18610
                                        Entropy (8bit):7.989582403895191
                                        Encrypted:false
                                        SSDEEP:384:SIdFXAbMzQOjZp/gEJl0R5f9XwOecnMY08bHnkw8FMohDrZMkA5N3Cd7BBl:VdpzLPgEJl09X3dn5np8FDGjkTl
                                        MD5:707E90AC59012269CAF8C219255F7007
                                        SHA1:AF359E989520DBF19F799B6A5F3EEBC32E8BB9B2
                                        SHA-256:C8D35E792FC1C66FFD2FD6F2D1129FAA175440498458DD5A1CE6E9D1A448041C
                                        SHA-512:CC821B86C9934BE2669C2C2C6FC98DAEBBC44C13B2C66778804D612F4CE0F482F76FDEF3F902A28B528FAD336666DECF14529570F52AFA27C471ABE693478B5F
                                        Malicious:false
                                        Preview: G.>...G~...".#.7....z2.s..R.....(7Y...-Q.5G.~..Y..8N#..|{..H..."..XW..0.,iY..\.)x.....c....!..z........|.y{N.!.Tu.xm..l.l..j..;a..;H.#l.lG...*...@d.;'..HB.G..Y.....2.e.YC'.p.6B..]<w.?.U.y.\.l.....b=,..v...m.Mz....A\..s.:.^...6.2'......3.'....%....v.v'...G..........m...%.....3.e...I.l..=>$Y.|.......w$..6%...M..o..7!..3H....5.>.......^.oQ..........S]q.....7N:...G.C........3.I.Btt..MO....C.x.XG....u(z.........Ow4.....T..,zfA......5....ZP..s.g...(..:....%.[...#.{.$..........}....~.?=.o.Z.1.0.............$..F......g.../H..v..Eg..t.r.............<.<2.1F..:.L+...rzn.c...K>./g....ac1.h..>^..w....M....8..n...&..e.?Q...T.L...........+.=%.!m.}.-.. Sf.-.r:..4..K...MQ...?41Pa+..@..g7?o....QBg..,K}..g.>..xK.3.....:.W.F.....p.(....'qF..].0#......B.....j8&...h<..+. .W.'a.."...=.L..p......Yb. .`~4.y..Y...&qcV.i$r....?...>..tP.."9K............?."..:.......%4......8....;.m..$..6|..D..P...4....+...k......8........]c.......BS.pT....R..V.48......[...g...g..s.u..
                                        C:\Program Files (x86)\AutoIt3\Include\SecurityConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):8492
                                        Entropy (8bit):7.980563769827725
                                        Encrypted:false
                                        SSDEEP:192:hiP7izED87ScDfq7wUU2tcl4c49+mZGrcU6B5fcD4PUV:gmT7S6mffqsF9d70Da4
                                        MD5:2DF84D65940DFE08ACC3E831460D1816
                                        SHA1:C967851874946BEADAF65E23AF7DFF9C9886FB1A
                                        SHA-256:0F28924A3C66C602AFADC0D31DD9C03CE2BE98E8DB4DA13FEAD300EB1594E151
                                        SHA-512:6E7AD16EA7BF429FC09ACA29A2DE44B5BC0173F4F42D955AFEDCF8E1B5849A2E049536AA633C767B1729E930B22BD161F9C177EB1C6E92DB06173C36AC5F7458
                                        Malicious:false
                                        Preview: >.lU....'.Z/.=-^qf..i..T.B..u....6.1..B...w../.*.....&.V."Q.E6J..v.w.....iD......PY).{f..........8..o...%e4..|.p...TvV..>.z...{..;aU..Nv.....m.i...;.n...h..}...j3...x. ;}........&.N)....F2...Y.-..2..i...a."....(........A%j...;:.vu..C[O.;..X..........J.re..p...T.de.....~q.1J.P].y..6M?.4.X+.....|>.?g....vv...(.RA....Af.A..;/..../.....vj..l...g.+(s..t~".%....Z....CJ.d.^4.JO..4.g_......-..>Y.......w/.Kq......)..Y.W..........j....i..y...O....\J.W....P..-`.Og....k..P%.......~..........),(............$.........Dw..Il....0*7...Z.I..Wb"..H.#.2..9*J.s...nR..J....t._.H...E...BU ..g.l.FQ.V....9...m.1....S......=.|..0.U..8.....C.k.s...aQ...!Ee...c..q5@...Y...]|....e....k..gB.N..../..[..w....[.+.D..Q.....c@.C..+X"..(.Z..xe.&.!Yc..........6...E3tc...[..i..Wa*NXm.e.E1.6.(.$.....\.f7....a.?.X..^y...I.;Ux....lv6...G._a.......u.i..m......<.t....u....H....P2j...Y.......8].j....c.C..|.....h@....d...I.xM.X}._o..n....F.<.n....N.X&..o{..Z.8X%../).n....:e.....#..e
                                        C:\Program Files (x86)\AutoIt3\Include\SendMessage.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2914
                                        Entropy (8bit):7.928867924572551
                                        Encrypted:false
                                        SSDEEP:48:3Nfy3mK0c/FKo55pDtzkw7VMQ+Bz6LVE0fGLotLYggN7bZgvtkSLIY//wCJAYpv0:9smK0c0o3pNHx0z6LvfGcpYgUbOvt7B0
                                        MD5:B07891D3E7FE053D8CBD18F96B877756
                                        SHA1:E06F135DF9DEA75F378744770E7C9739FDCDAD54
                                        SHA-256:70A9CF621BDCF3A783DC0A9B7BE7D6DBAB7A983696B02AB107B621EFE52E388A
                                        SHA-512:4BBE111F85D6B6DC97C2F2F1F3657BE46E1DEE45203588197E20866EFA1BEEA5661FC0696031D48ADA22B1AC962C26A8F417AED0AF209D0A009FBD8418761A1C
                                        Malicious:false
                                        Preview: ..7 ...C.`.....6..F..B..}.....(']0E8l.0....2\....,~..4.Xv.s.HH...Y...-_.-d.....].-h........!...x.......*.D..g....%9<..p7...h{:Iw.<..[{..;..[.;i..2.Z../.%{.{.C(.K..r{........e........(..k.I..K\...K[..M..gt...C:...F .n..;.Z:.f.o."v.......E../c|r..ZM..}.....3..$.F.].....W.L.g...3..[l.H..V.|K..........rVAx.?u.2Z7?...Q$.HG....@\~...J,......@.ThA..).h-.....;0.{"h.P.kJ..ixkA.b.0..*V2.3L.&.....'c.3...o%..C.C...\.N.cF..f.e.J*/.....q..t...J..R...m..d&..G.!...4....)..sx.fX...rd......I...+.-...w.u............$.L.........8..V..ST. ..U..`.....~.S..Wii0.../|o%......T.G.B....U(.Y."..6.@.!}...mm...k......V.Z..4.u.. ...$."...v....U\N.C|`.a.+T.....f;.-.IL.2.P..j.......!....1......*..Avq....b.?!vGa..)...a\-.P.I.*k...iyth";wS.9}D`1....M.2..F.u.^.TV...J....4...B....8..._gZ.|C..y.!.q...a.>J=.i_..A-.....u....mJoFy...\XfYD....M#.[[...G.7.CK@.j......f.}?t...7......h`gNS.....\....miy.d.v..v..d.8..\.B.[|n,ya=.2.i<._..x]Z..i...s#4..,|..E.....=...........B9j.}._L..X.t....4..[
                                        C:\Program Files (x86)\AutoIt3\Include\SliderConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4798
                                        Entropy (8bit):7.956351779444968
                                        Encrypted:false
                                        SSDEEP:96:U7ZUwd1uyfPk7n1AfDKhweM256wfd+QSC0/bB8hxy58i/OK1WDQJk00z1Nl+Ll:SdEGPk7suet256wAQH02h6OKoM6Bz1vu
                                        MD5:7C376F091F764900C89B0CB63D2FD20B
                                        SHA1:0A1A071131E3FFAD0025AC69ECB6B8EB96F3AEC6
                                        SHA-256:474BC2FFC9398415B1D63EF82E97603D1C456D1891F4764DF8F9600C568B485B
                                        SHA-512:B453AD013F4B68DAD31B672B7DF971A30E27BEF1372D363CE1FEA3AB8F77D663F51AD4F803C86345AC298490253B351C4A7AD9D6FF40989D8AD2D82E89CC6E3A
                                        Malicious:false
                                        Preview: M8:)...}.....]H/z.....D...'/,.br.()~..-......k........GG..<..c.0J..57o.m.2.v..Q..(..5..]..:8.............H..D..8."...,n55..z...j.O...... ...X.x.Yp..]7.^^.E...5\e.L^.....1.:...........0.-."6..i...B.o.....nm`%K....|2...).....t....g.-..j..S.....f."...C..jA..'b.1P..`....p.%.T.... ......./../... .9..j^...k3.Z..o..1..v...kOX...->]..xkp.U8.Z..A+.i1.o..i.+..(..]....+...i..v.....z.g`...X..R{z...I9l(Mq...s/<>..F..HU.p2I.........../bH_..^U..$..b...}Ml..........G..Y.M.P.....AX;.=.dM....J.&c............$..........Q.(.k&H..3...e..>'..T...m...@w!.%.uU.".<'..g...}.a{......?....\..'khs.|...)jQD..(..iG?{.\....o.z{.|..M..H. ..S.*..P....WCr.}J..y>I.mW...."I.."q.@....y...-....W).:..2..V.A..s..[..b...P..je..b...Qi..^..?.a..>u.d.I1...e..h8.G.d.cG{5f.=X..A..F..f.+X.....r w3/..5..:.&A..:..@N..83.6.}&...Z....2...E?J..c.T/h.~.~A.....a..G.....,..r_W..>^j:@S.@qa~#...O.G......o.....t.f|.a.00....E. .x...!Y.?.'9.h..0.:.X.,.^...KN....D......F...L..s...P......,...Cse..
                                        C:\Program Files (x86)\AutoIt3\Include\Sound.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):23482
                                        Entropy (8bit):7.992194689884181
                                        Encrypted:true
                                        SSDEEP:384:kTk/4MZNBj9TZ+/dfw0olmqCi95fwyEjMS35ETFUcgD2UvnaH8fk8cpXmaO:kTV8TZirolmliLwVjqTON3aSkvp8
                                        MD5:281735CBDDD5955C755C6710A9A017FA
                                        SHA1:5FB198E703C9126B977AA6705C8EE6038C25831D
                                        SHA-256:EB8E9A01FC5FDB2DC9F0A42E4E2303F394787CB841809DA8D6878DD92002B8A9
                                        SHA-512:CC815F0808916BA8425307027FC962CC9C94310E9A7934CECF60241D7049EC51064A733FB914824AF1AF91E7B9C71DC65FF6A998F0E1B980CAD9D75D7C71BC71
                                        Malicious:true
                                        Preview: xZ.....+`,P........i....!..Y....p.K...v...!d..WhvV2.....K{..\.>.$....Z....p.A...5./qz...[..s....x.BF..)oH,....D.,+..F(..3.y1.n.c....t).H2r...N.x..e.5.+&l'R~.;X.....H.fX.VmS....Z..xj.cY..#.&.....9...CC.#R..L.E..<...dq6................/.........&y.r.>" ..\g.......g.H9.....9+..e.9&.C....+6..Ml.B!zM6.L.a...b..jE..VO/77kE...|.-W.1S..L.CM..D{.H...w._..CM..9<..H... =.7.M.R....O/;...*8.b.....}...{.O.....C................j.7$.z?......i.....1....#..#..-.=.7.?.w.Z8.Lc.~W..Z.....t..}......f............$..Y........u.....H..=]......:............n.>....%...c...].MH7.Y.G._.[H.>.`...jv...S..6..Dp.'..L\.Y{(.+.....&.K..QA..h..M...."..6........(.d.A..Y...K^(...b..4.e.z.#..`.].T.F...z/.@.7...3...M.<s.........`A."KeL{.T0D...V......)Mn..D?$..x.k.N.Hom1m.........i.r.[.GK.7@]..('..........deE...ZF0W..m^.............n..?iW.4...]..3....T#...2..=...X$.......I..@.A+s.|U..~oa.)3.) ..........l.H...[@.y4..[..G......6.f....J....2KNn...1T...}.....;.{v
                                        C:\Program Files (x86)\AutoIt3\Include\StaticConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2511
                                        Entropy (8bit):7.9306271015754595
                                        Encrypted:false
                                        SSDEEP:48:j8TF0tbibICanYWWPvhV+w4MmD/hZwjv/5J277EDYXnnwb:ITKoZa+b+w4XDX035cXE0wb
                                        MD5:3D9007E4F1284E167CAD69819CA08045
                                        SHA1:330397FCA20A13521D1977CA97F02BE7F77C1F9F
                                        SHA-256:D0EDF466A96BFE54576253F3D5BC6B45B8A0B07FA3A0F70B8FA28E918DC18FB6
                                        SHA-512:B68D0BB6841D508227827F82D516EC6C4E49E0BD80FFDD4365D53A0280F668D6E4CDBD6D5E3B5B50E474FA7728124B3B21C50F79DC717134BF558801710FC450
                                        Malicious:false
                                        Preview: En~.8Z.....F.+..i.%.....d.;.c|.~....j..%..L...f...o..O.U9..0.;.@...h..j.s .S.6...[.. <&.&.......2i.]..k)....~....]N....Ab....pHh6...^.E..i9.t.....$.G... eh.....p..nT..@...3u..YY85l....q...~.x.$H........nt.....C...@.....`.....g....'J;%..."Uf...u..........=........EZ...V..f../]...[.A.A.|.....h.=..(...G.\2}...{.i-8.*v.X.R.G...4&............8.\..P.@:...(..r....!e=..]..>..s;.a.(..8V..]\.HS.f...).(.{....^F.l.7...z.....\@h..&.4....V..nI,.7...a}..*..,....rV....)m.B.k.t&.Qkbn...K..dG.................$...............pS.(..@}.....Tz>.5..y...2+..1.(.7:..>#....;pN.cf..2._g.t..9).ilU.c...E...X..q.w....I......|...m...4...]1..7......g...I....j..."=..a..g.1..3..vi.i.:1....3.Fc@.......H.oP......L......dCu.D...{.9.32.D.q..3&...T.z....l..:.=i.4.&.j.v.k......J.2.C)........>p...g..z..qC>..!.....}..D.(.g.L.,...4...+_...A..].....N3?..x.S..,..Y...]..tt...Z....c..nt..N...zR._lw..%......p:.....y.........t.XQy.^...=........8../^=U.g1<.?.....@c...k.U.
                                        C:\Program Files (x86)\AutoIt3\Include\StatusBarConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3750
                                        Entropy (8bit):7.943963495352628
                                        Encrypted:false
                                        SSDEEP:96:VUGWMdoRxdpDQ6GnEkPjbwMEzTzi376nsGe:6+GbdqVXPjbwMEzgwM
                                        MD5:9F7E7E10571299A4316E6A9FD9C404F7
                                        SHA1:E74E423586606B76ADA6220986943CA770144E1F
                                        SHA-256:9698C11560C5CA9C7AF82F158EF8EA7A0B3FD82692705CE89335E741DE36F2C3
                                        SHA-512:AF23A5786ED3D656B5763BB924778B19ABBA15FB70529F4B08BCB6F94CAF49BD50485278476484AC61E105ECE3C23F3654F9225F7606419992722968AFDBA87B
                                        Malicious:false
                                        Preview: ....l..$...A..9....=..>.h..R..?."....&D....+..s...O0......kDO..:....6..!..<..zY.w..8i.3.ZZ......^m.d....e"J..9..)K...cl/..#....C.p..2..|I....J.(!..py.@.....m.0EU..S.......c7K.....(!^A?......(...`....K .m.@......@..@....C&.7.....y.;.W.J.-+.G..Ar+.K....|.9]...E.*9..e.a.Vae.../....u8...HX_.Qn1.UUF..j.....'.....P..X...`...g.7.>....x...>OBa..M._...B..kz...4O..A.P..|!D/.H|..f..a..M]..5.......`q...w..../..Np.....\...{.Rc...2.1L.&.z.7&"......w>..i(.5o....+..2.>)V.i.$.1.9..Sel.......[..!............$............uI......F.JW....=T..L2....~l.b....B....{f...N.....p....5*0zE._PW..".yX...f..d.,......-s.....q.yeq$~=n.G.i&q...ur.^..(j..A....[..e......k6.w..V..`..m...#.(..o6.N..|b.T{8.6?.LZ.....#K8.'..(.....\....Wq_.7....O..4A].....C.&m.B...\QB.+....N..........].f*.....O..H.+...O..B..v.....?...+..al..Bk..N..D..X.y;o.6.../...7......)....o..C...$.5.pO.D....en#....1.O..........7.'.._v..k...hMO...@.F.kg...9..yN..D...@....'3=.!.ENLA`. ..^n,....\.. .G......X
                                        C:\Program Files (x86)\AutoIt3\Include\String.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):8844
                                        Entropy (8bit):7.978200343363929
                                        Encrypted:false
                                        SSDEEP:192:tzP5TKHhXjJSy2cRiKYOR4xXoMj9MWY38d:d5TsSy2miKyh9aW
                                        MD5:1F6AD80F2D9CE1288167777C18EF8CF1
                                        SHA1:44733F6147917F2C54E2CB77D698C6F2C53DBAD3
                                        SHA-256:23E3AFBBB006A87A0B0552177B34968ACEB9346A341ED9751B1C47CD73CE08F1
                                        SHA-512:0F07146416BCB4C74DE929D64B9582760C30203B3CB786D07013E48BDB811212D839BD9DDD031F735B657A12C0B0C75532F1DFDB9330095EB95B700F886151FA
                                        Malicious:false
                                        Preview: ..k...k.J.-F..M^o2ye....D...y$..f...K............i......=ZD.......:..X...m..Y. ...AP"...h...;.....t.+..D.e.Hy.=......M..A.Py....>.Ykb......n.s...s...]..$tX......._x...p..LR.....+.....nY_0......P.ht...S).A>.x1Syf...}..:=Qc0.] }..'c.......w.L3 ..x.."K.]W....*.H.0..J.........Tw.CL]e.Rd.........V.,..=..`....d1|..Nq0.Wk;O.....$b.0w.K......?.#..Q.*.J<......t.`R?..H.<.<......v...p.3.*.>F.....!.I$4.'5Zd...@0.*[........S..QR.s.......C....8JN.....w.c~.1Mp>`(BD...V>B..mc#...<4c..I.f.,..............$.v ........j....G..:...."..xn..b ....=0........"O.s.A<.2..../...+...,m.h4...y.?.PD.j......q".I..%.U.a..UOw:.....b..]....3Qup.]..IS....K.\H.|.B.$._........$..DJQ.-.a...N.<:.......f...u'*.T....aP.L....V.......s[..M..[....n.Z.l.l...f<.../....@1...W..z..<..bF........n...Pg...j..D...:..89..t].Q.[D'...-G....Q...t....B..z\...vk..._.E+pF..]..S.!...1a2. .....1....N.....\..rv.Z.:7.WC...i.!.8.wN.9p....y*..k.b.0...q:...Et....f..C.~.iz.y..S../>..D.<.....J......%.
                                        C:\Program Files (x86)\AutoIt3\Include\StringConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3388
                                        Entropy (8bit):7.944047612924355
                                        Encrypted:false
                                        SSDEEP:48:sT1K9q9T0YwB97GJjkZhY5Qkhj+68dy1NNnf7amf4kBNow+8j4uhR/ymRXIf+D:mK9q9AYcGJoAikk6DrJfd4wN+8tR/ylu
                                        MD5:32A8EF5CCC189AF5C25570D720C675BD
                                        SHA1:328B13F8042EC6909BD13FA3680F370E9E479950
                                        SHA-256:4B0EF2A3FD1E30D2C165CF6C09838F810B4F952EE90C0A3A5E5004481C8E26E5
                                        SHA-512:A2F6B7E1D8F604CA86EDE4680228BD089F4E4A397F4EAEB8B37E2B36F6BA950B038C56746A861921F8828CBA31843FB569C26C487CD3592E39CF723D98DBF529
                                        Malicious:false
                                        Preview: ..3@K]&...>!.>.@A..6*.I\.2.~&F7.4P.....<A..Q..^........X...=..`J.=[....P.3...0...N.....8&...Z.nE3sU,..z....n(...#J.x2..^. EN}.........d8a.=B.k....;...G...0}M.N.#.)..m.X.t..|.....)..>.=g..f.DeF..!.a.....O.#.....k?..z.....R5.!..+..G..KJ..q?..W.u.>....(qB..>W....G.uMHTuI....3..3.... ...;..H.9N.}.[k.B1.........?h.. ul......`..]bo......v..Wjq#.....|B.=..D.BM-.k.Ap.....<..^p>..9. H...v.1.*+....m...r:.<.d.c.s.....m..2F=....Bo.uL.w....n.....0..N.f.-m<.+..]n.;\.....F...'..[Z]...1.i.9....g9b|;..y............$.&.......wv.$R..`....8..Ad.~).|.........1...:wK,~.....}.x..4$.fN5.....C."..w.......3/....N...0..J...\A..I..w.jN..q..y.<....y%....9.^?.5$&..L$xP..m;.d;....b....G.Jn"..6..pxv..*...|....-....OjQ.1t.]M....&....k.....N.,.....s\..l.....{=..&Jo. ....W.Em.T.>..k.VO-l.J..."{...1..7.,.BX......v. ...6....u.@.}.G.=.6~L.-y......6R9.+s...?...c..k...c...\m#..YHC...+K..z;W#......Wn...!cB.......%\]C...EV.na@\.B...^..h3.|h..U......b%#O.p......g.;.-.k. ._.....9)}
                                        C:\Program Files (x86)\AutoIt3\Include\StructureConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):64819
                                        Entropy (8bit):7.9968161972886405
                                        Encrypted:true
                                        SSDEEP:1536:AA7JYxbhSWnMr/7KAy9tEDOBXl7Ma4IL92z/9E1ydgEs:AA7J6RMrdy9LloNIL9279E1Gs
                                        MD5:1F9F3C580ADD6E612DC65F34F3CF50AE
                                        SHA1:7BF4D4A24BC7E0D77733E0C1B2874E687E2C4046
                                        SHA-256:47E4194CF8487303842B100235F5E0A62235E4700EC3E96B08F7419A6256A643
                                        SHA-512:2A39A4EE8063A8B235D45725D2413F4197968A21634133867F6636699B78D88B08715C07E39CD74216E9EA03D9FD79DA4DE9EA4C55B013972C51585491EA29BC
                                        Malicious:true
                                        Preview: ...m,..M..z...<...l..cN.O.1..*s...I.......b}.V....H.....6.K..f.c...2..F...X....R......\...Y...m......v....{.o.U.4GR..e.aT+.l&.....1u....,x.G.7...\y[.O..1..4.%].Y.~...Z..q.....=.0)..=B...I.Tq..(D.:.-..!........1.8..&.......P_I7H}._........Q..Sd.3L.?..{-k.q........./......X.G..i....y22.....`..8._..........>..I1.j...0.R...0......y...2..3V.Y.#:Z.N.Z.......t..L..I..-}.,.k...g.^.B8.B..Y...I....9)i..S......o#....?.......MI.6.>.._....n.......`.<.......~.m.L...e.P....p.1Q.L....<.6..............$.........2'r.7.....P.j)F....[..J...q1.}_.I......<...X..S..S^......=.?..)....?......-..l...kN).h8E-Zu.17.6.JP...."...-6..5..s(aj.`#....E....#Tf.#I.zh.I....&[..'...&.1W....$.l`ZQ..M.5.s.....M.[>..C.."......(R...]...R.....eV%..z..$..{UW...&..b....a.......VZ"."....O.Q.J.%..j6.d....U.....q.C^.....aWXz..o,.w.~z.....k.....Q.C......:..I....^..\.S5P..o...+n.$.h.'.$....H.=.....r.=.h<..K$.[%.\7..........i.!K.7u.!..#.U{.K.r..+:.._.L?..h..n,...Y....W...'U
                                        C:\Program Files (x86)\AutoIt3\Include\TabConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):6727
                                        Entropy (8bit):7.965722326973481
                                        Encrypted:false
                                        SSDEEP:192:6BpEJF64rZX5sun6dsqxwpWPh5NqZNU2Vqztx:I2JP5sUUHxdLqZ5qn
                                        MD5:AC65A1B22544BE0CF11614154F8BDA3F
                                        SHA1:263F9BAF580A5B55A4B1FBE36E8F86B449576E21
                                        SHA-256:DABEC195E81752818A8E4BD3C8A4E61FF5A0C662263D9FE4E96B96A16B7DE20A
                                        SHA-512:F9F66C7DD2EE60392E70A7995A416BFF262822E85D7FF8E216B11BC4C2B9C1DCC21AB671A5640899AA32FB4CFD9C5199DBC0D34400789353FC361883F0192ACB
                                        Malicious:false
                                        Preview: #]..+.h.[....T.".g..\.JY$....Y....5...*.....8....+_...*~u.f...a]..<L...Xz...wmD.\#.A....w>.!.3..OZRFi../..Lb...t(E.D.Q..d....B.:.:...c.naH]..`]......;1.@v.1R.m.........k..oW........2z.pe.sB...O?..*..iU.h.. |"]}.f.V...22k....f/..7..46.....l..%.../..@s....a@.e.Fk...;....+.."{..{V.L./oR.9.:WS.9W..........R{.c.W.*..?0.V7.tky@.A^q#...._.ug...(...........d.G.t.g~u.,',...PKV..u..5IuR...B)$...5r`.....IP#0.. ..`>..I.L8H;I..WA...+.5....[...:..*,Fq...D.Y...f...t...#.(.L3...I...ZoT....r^............$.1.........Q.._.T.f.[....A.&....Fj..."Y?...Yu....Z ...s.C....L.)n.......8...a ...M.....l..]3,.V......{P.....S,.:.......wC..$....<....G...'..=z}Gqddq.o{^..8.....+L.7.6..s.-1.......UM...M.V...X.0..w.P....z.....j...@.?z.;...7....8.E#...'"..QV.....v.P...b/.~v.U..........%..W...^... ....DQ`KfGT...d..............R..xU.6.L..fL...z..M)...2{3..Rb..5.-B...$.G5..5.i(&.-..dD.d....X.a_z.+...o......;na.Jf...E.`.z..w[..o.jL.l8........`..V."..8IVx.|..m.9"3v6.L
                                        C:\Program Files (x86)\AutoIt3\Include\Timers.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):12386
                                        Entropy (8bit):7.985295600201529
                                        Encrypted:false
                                        SSDEEP:192:sitJJZUiyBRrx6S+fLPyY3jsH9p/dvkJlKf2Sa2aAX7xCG7n7LXUseiaTVwT:ssJZ8XFyy8IH9pdIMf2ULx5HEsehTVY
                                        MD5:818D4FA775A43D8EBBB24D0CFA9E9D8A
                                        SHA1:2C7B0730621E57BFAC9B6D6A7A225DB80A553C5E
                                        SHA-256:C84BB0AA5CE7BAF82AFB370D67B7B9698A821C9A761915726F00505F8B5C3C48
                                        SHA-512:363A4DB6A6A1DB6998C049C70CD9C345C08C3D7D202F67EB4A4974375AA6F6F0F1668D64C1E16FAD4C8BB9A6C7EDAAAC7B9997D73B19F43EFAC4B615C19D55DA
                                        Malicious:false
                                        Preview: .i.C>.....5.......R....Xb....3nga&.S.W..T.Z.7...|.c..~....iy.$....:~..Tz....e...4..6.......rp......1.......3%..v.;.EZ2.............z.~.u.r.Vd.....#....,.M..<..H..3U.e6.D.6.3M$!....r..C..%}.)...Q.#i8.W.F}...)5...s.'.n..q.F......\^.`.m.ltq.>.O.qN..iTz@\.~H.=C..O..P...ja.R.!..E.!.t..sB."...L.v.N.4.|../.d.>....y..K4D...._......`|.2_..."c..i>j.B.}../.9H....YV[.r+...#.....<.qM.I....pE.m..68]7..<..3..%....i...,.J..\....../.....j-.._.q.....?..N..;.W....;...z.......y*%..X.....W...............$.L.......N1..L?...h.c.....Nm..?..}.MUI.#.uub..2..{[.g)sF}>$.Z.........v...........$m.t.Q.QSq........vf...\..M...8..M....^..q.a.R..W..y!k.a..6h.A.?I3.5m....'.u...=h...x..c|....~.......h.!..o..J./.....%....KU..%..xW.[=u.....^.+f.......\..&.u...aC.(...(.B.d.)...9o...9....fN....^.."22.W.A.)...:....v.....)..A.........`..6.u..v.A..kx..V6m..7T...J+..X(.../...&.U|.\..U>z;..Z.....3....[d.7r.&.e0}`.n..a.;...#).J.K.*..Bs..q.b..!R..DD_.,....z...bE..O8I.
                                        C:\Program Files (x86)\AutoIt3\Include\ToolTipConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):6060
                                        Entropy (8bit):7.968730256707303
                                        Encrypted:false
                                        SSDEEP:96:KQVhx/UAePPokGk01qCGWOwmT2Fyb70KSi/eGu80SBeTfq0QlhTGiHLPoSTWDZGX:RZ/WXAGWOTcK7/eGu5Vfenm5GXKsH5r
                                        MD5:8219E0C76D9C74A65996C27D9A9A1C5B
                                        SHA1:888226ED7DE7613EEC9199054FA5161FF7DC776A
                                        SHA-256:210B42172709FD44B8BDB278E5E673A06060756690FD3407204BE9DD3081C9BD
                                        SHA-512:E64C5528E050F8A001446E7870D571F99A87D7F348BF394AAEF348BA14AC097B1D40DEAF7061ED7DA3EE485C660585C9C87E12CC99A966303C70BA745845E040
                                        Malicious:false
                                        Preview: j.6.i..<......(...1'.S...nd.....X..a.C/.5\...T....b.)..F..%"|.|j}..!4.....=c+..|&.o....&>....U.b~.....z.%..o.Y.Kp.@.............).$.E...@....\+#.Jr..j.t[.4J.i. .....S$0..E..t/~#0{.s..a....C.N.v...i..*+....G##..2..E.r_0.c.s(..s.%.=!:.g.Ql...3....ju...:..........U(.o......J...`q..x.S#jZ.E..&.....1kL..n/LS..)'..RX...3./4...W....VdTBZ.$;..f.$KA.......0..u...r..OHI`..S.\..T.u.>VQ>.....s{^..'..o....._..,_.Ozi.$v.[..pz....g... +F....(.j...!..e...F...........J..c*...=.v....yQeHY.2.V.......T.............$.........qM.8.zBH?.T.e/8...7.........$........&...!...ZV.6..2.>H.=.(..pr/.(F3.%m...p....pF1.T@.=$..5.=....P....u....u..-T..H.........V.t..D.;......_..F..o.G...3YEs.....[.8....4n.iMa..g.X..N.....*v{.4.[..<T..J....|.\~.ys.<....<2...jz.+.2^........|P.X.#$.....#ct.X.........'!0v...s.)...,.....\cr.&.....aS.i.V......:...\..I<gd.r.o.....&|h.~.{\.W".....1.`l...?.2...A.:.....}..(F..N.`.js...f..2.U.M"...<.c........X..@...u..-...`..bO.P...g{.X...Y...
                                        C:\Program Files (x86)\AutoIt3\Include\ToolbarConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):14267
                                        Entropy (8bit):7.987967166716507
                                        Encrypted:false
                                        SSDEEP:384:tcHZHINf5hgmDq9TZ8j1x7qxF7gSp9tzM4msHvJk613u:tyZ0HO9N4v7E97FzHv51+
                                        MD5:A21732A01A45FBDC1FB2402716C34B16
                                        SHA1:0358386762FA4D1B0827A5015F02E17C368A4797
                                        SHA-256:735AEC171F613CF2AE67F2EF0E5C997B7E4D0F84A3CE39862BB7F6D456E69972
                                        SHA-512:D088F919D657EF8C442AE615ECCF29A25C4100D6C20C7451C86C157C7A28CADA5CAA7CA50B263D2DA5A81E9BF737BAB26944405385239572B73E0B7BC4FDE582
                                        Malicious:false
                                        Preview: .&Zv....Zo |.W.D...>.f..yl.....W.5...j.4q.4_..7"..fV$.. ....8....p/...3.g.?<....s...3.i......4?.e....:t....m.@..{Q..?Y;...P.h..a.v..eQX.Q;.=|...=7...)!.D.I.f.M..H.(.[...|...E ).0.28,......o..CF. .m,#V>.I=A............;..6.2?-U....._.~ ..$.........d..F.a.HR.?..p...K..F...s..Cg..&#es..1.T.*.j.i3).~P..}3.lr..qQ...`.7..a.-1....&.(.-s.......hT`.K..<#d..'.f....#.t.(e..O9\...K....R.H.|UG..A@k.w...j.u.t.g...`..P..K.;..n....K.....Y.....5.G..;>.:...X...6&<....q..w....z1.y$..4?..J.......y...............$..5........I...s.r...R...%.q...8..Y...'y.#.KV|zz<0v`....0&b.tFV........SE!^e.'r......./....<..e.~.&H.n..s.........C].&.c.R.f..0D..Y....G...q3.\._._+.^.ZLk5.BR.....f.s<.9ne.....T;...+.`.y..>b...&.RX...x./c.y.M.f.}.....e."Yv...Y<5e.x....K.w_.."dL......+.../.H&."...x..\C..L.z.=Tc.e.s&=..(9....&k.0..a;...&../....3...T..y3.x@.lzJ4.F.V.:z..+.Kr.;Y..X.n ......\..-....c.........Z yY=R.b.&..=.!.$...-y....R..i-.....O.Wp;W.is..LHZ........ kV.....7..-......R..E
                                        C:\Program Files (x86)\AutoIt3\Include\TrayConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3196
                                        Entropy (8bit):7.933086944002066
                                        Encrypted:false
                                        SSDEEP:96:ak7Z3NREYyZ183iKC4IiVi4UeLsca/dyCPwchLgn3cM:77Z3NREYW83iEU4bLscu/8nj
                                        MD5:80735FD75D66ED991E92B149192B3671
                                        SHA1:B092D4991CB231477B8D05258769A7C5097C4899
                                        SHA-256:FECD73D70DC73565C92B69FA344AA4FF6E686DA421752C4B8B3C374D0F2BE109
                                        SHA-512:12A9697E9538FAEBCC4EB0AC40EC6CEC0BEE6291F3436D424C5DAD33E76B6BC50CC0BD557FB26647B7BC4A57DDC7A51252FF5573543B191AFB9CEEEC56C73761
                                        Malicious:false
                                        Preview: ...}...Vh...J.S.YF8.../R.......m+Z.5.<J.7...'\I.T....e.Y...y.B.e....9H.]I#...V..7/..u..,.Ld^b.m'-.`......aF.I..7......|L...J.j...J.VPF.j@.......;O...f`.q..hM.J0j.p..P. O.....$$..hz...;.."..\[......Q..t7.....m....r.,..H.@.e4.r.P.Hb.Mo;....3...iZ.......e.p},...<.Q.(.;n.|.........q@.0.......%m{ .P. H`$..'N6|Ah0>kG....1 .....T...!9S.....U8./.....R.P...#..e.P..w.L..H..j*......p...4...|...G..COy.......m.J.R...t...c....@.a...V..+c...w..'.o:V.=...,/..8.[..V.<..3].+...w"...en=..$...$.&H............$.f.......#...s.R7.. ...r.om..L....V...ID..|.u."....j...H.......".....D...6.....'..Is4....(.cL;.F.7...,..3...].u..;IZf.2..HJk.d..rm.;...@.{..=.I36..2..k.S6.....Q....A*$.2...Uv.c..5/<I.j...d8....pv.`.C...L......Y>r.?.,.A...h....-..:z..d...A.*....ei!..S.kg6+...|..5Zg..m2.y.a.V..-%....t......Q.......|S...-..N...9.I...<...E.U...Q...b..H.^J..?.R%.f..K.g.D......Iy.D(%....`...g#N...FE.;..8.Z.I.3j..>...*T5m.4...!K7u..WW...7..R..]*..7...`[.D..,.Pl........*.`..E6.....
                                        C:\Program Files (x86)\AutoIt3\Include\TreeViewConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):9935
                                        Entropy (8bit):7.979430943874364
                                        Encrypted:false
                                        SSDEEP:192:iEyibdw0Th15d0h12hoGWi/kTRBjhGyMg4Xq0TOwQjr2zqmeMi7:iE1l1K7ikdphGyx468QZMy
                                        MD5:387E6148C5B0D1AC61F1992C0831D434
                                        SHA1:031F9249A0D3AD1F296CAD95F8D2B30A5A7C7887
                                        SHA-256:DE25EA0979F5BD7E4C19669C8006BCED8A96AA85324E6CBC12E0B0CE4787C51F
                                        SHA-512:4E3C41497CC22A69F213B91FBD347E0B8A4DEFD1749E3EB77B939CE41770202CC1E05330A309AF01816BD60793FE04C519EC46BD396C930A40CFBE87434276C3
                                        Malicious:false
                                        Preview: XT..Z>.6....._...F.I......._....9%I....&&.f.C&..]^-!...T....P.....5.}....l.?....[iw..(.D..cJ..7H.+...<sA.Y...B69".z..R.M.....r.m.... :....%....Tj....f...v.....N6fJ..H.@V.Vtk..E...{.a..#jp0.m[.......vM..m......k%Us.....N!2.p.\.......k...c^.I%..(.[c..N..$.2<+..M.5.. ..L..s...o;"..-+.?....E-....h..!....+QN?.\).R.A.H...x#...@g.?..z(C.........Ue.4..s.]W.%0.u;6.F.%.Y......{=..**l.gA...?.u .!xV....SH.A.C.....g..O.o0..^X...33....0.I$^.4.u[.>&.|........@.Xb..rO.A..._...nT....P...;.5.....&............$..$........9H...U.+..\T...M".LCW........5...@.z..4U*?LH...c3...L6..........n...AUm5..../....t............e..z..E.j6>u......p........Q.K.+.N6.:..]br....b....U.....P.E .7$..c.{...P....'...a.Ka..J..%X.n..#:2.gH.t?..m....sZ4..3i@.B..B.....H..C_!n.....gpy.PNLc.`....}.m.r.....da...j...^...:.. -.....m.......'..t{s.Y..CN.._..k...Y(Zq..b..o.*!n.[..]..+h..P....jm...%$U.V.../.H....:}.G...:.Y...%.pI?......?...l-...].PST.4.R,(......n...Y....&.$.....F..2.R.1R..
                                        C:\Program Files (x86)\AutoIt3\Include\UDFGlobalID.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):7223
                                        Entropy (8bit):7.9721637808314645
                                        Encrypted:false
                                        SSDEEP:192:lpLKi+Y9l5ZyKmkg0ZTualD7pFDsNq+lLsBQN26C:7nr9HjgyTFxFT+lIn6C
                                        MD5:357F550F616882FA7FAE29B1D03743BE
                                        SHA1:5BD525850E9CAEA61B96794F9E9EEAB902FC62DF
                                        SHA-256:423B09EC844503317C1D03AEB9C972F26F704DC05DD08084CE3649BA383D44F4
                                        SHA-512:C931E2BF76CD5F87628F33C6416C378C64965A145A10EC472E7D4ABBD295F02E1C3541ACFCFAEFCCC6F1AC0397D8AC911C04FF5F648B42FD4D26282F3E85E78F
                                        Malicious:false
                                        Preview: .#.&..zD..=g,Z.7M]..l..A{....E...)...>...%k.%.......*..!.k...G].?....I.x.....).c...k-Q.B...2...5I...B..3....ws..%.a......KY....5.{.......r..t.&.>........].@".....:.]`.......a..NR[....[..i..+bn..D.....f@. .+....S......f....k.n.>...r..:G.......!.8....bM..-g..o....:.`"&..O....!. 9.T)(.g.:.fz.M.wX.....C....]..........Nz.!.......r....R.<h......s^u...E.,D...U..f.Y,...&..C...o.....B.0.8....@....U.q...].yX.._...]..-.4{....._..$mjY....!...dD.........[...ymk.#./.~..J....#.-.R..|{..M............$.!...........yU....J..O$#v..'~.&.I.......?.5...Sr....G......'T,.c.....Y.O^..>@K...a..z....y..A......R.{`..A..?.`H..J+b....,....c.......Z.V.4.w....J....g...S.C....z....}.`.#.zK71.Bk|...L0.(k:{%o_I..~.*.K... .X...4Q....B..86..9M....$ik.A3.A...iL......CC..Q.d....v..0...R.D.V~...ty.#.X.@.V....c..].....c.....|.?rJ:b..a@V.6}.B..^#....U.E..ili.4..o.r....o+.T.n.0.. |>;6.iQd@o.Ir.....b...uu......c..a...64!^H....o..DQt.a.e4.1....V......d...?d.D)X|...K>x.O...
                                        C:\Program Files (x86)\AutoIt3\Include\UIAWrappers.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):110575
                                        Entropy (8bit):7.998264048117808
                                        Encrypted:true
                                        SSDEEP:3072:iQcrheY1GkoglCgbKLIItVwCdjFWIzD3x3UcRk:zIbPogsgbSIwTnVrk
                                        MD5:E818366FE07650D74DFEB0F76580C168
                                        SHA1:461768C45A9D333529F3DA3C08AC68D4368BBDE4
                                        SHA-256:4B951F183038B482DF59F149BC0A8FDD62387F72080CB971B96766583960D397
                                        SHA-512:13626AB8953E6A508D9A9D6DABED2D310F4883E0428CE359B9209E46FFB97F0BE4D1D9F33E8ABC7B30475FF47D548F19284F70EA242994E5B7D843586E21D1AD
                                        Malicious:true
                                        Preview: Hs.m...U...I.'b+._.R.......&9.M.-t..@.S.~.t..q.....A..2.S........1sr..l..z+.$r..B.8~D.....O.........!..gh...F...LHX&..g.J......3CvD. ..7......t...X$.[.4T...N!W}cY...M..Q....N...rSE..3=...d.L...Q.).}'.[..o.?.e.;.4f$...4.:E..QW..Q...|...%.n%T..r..F....c.r.u..5H...@.g]i6>.hl..6...*.8..).........3..?...q..>....#..'..........N.6.y..B......V..b..|.i...`...0[9........9.N...&...l..&...A..Y$m.......:.3...."....z.Ua.0...j...p....?.^...s......O.....X .A..... .^.R.e|..|.....=..N....o.%H.................$........f..(}..E.*;.+.HP.S'..~.%H....&.W."h......4..T......x...O.&...... .K.F%....p.x..f....5.n......b....7....kq)f.R%...._.<y..Y.]ul....9ba..q...{...2...F..6. .e(.."...y.......4F...'..I^..#...{[P[. ....".........>%.^..-{.O!......X.W^....@1Nr.A......+..:........*.9.........uJ.%..n@...H...gP...@l....}i..4.p.t._.......cH.Y.].}?..U.........k/.>K............J.K......lf.B.8..g>@.F........``x...^.....d......<{....[Qat.y.....b..DL"J2..z.H.L..>
                                        C:\Program Files (x86)\AutoIt3\Include\UpDownConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1685
                                        Entropy (8bit):7.878769734876082
                                        Encrypted:false
                                        SSDEEP:48:KVFMGE3ErZEFHHANwDKB6BdICM24TWJouKEn29Rs1G:KVK6lEFHHAwzjM8JormG
                                        MD5:0B51D95CB5C93EAFD2539480F5C4B59D
                                        SHA1:CAF02EFB18316EB737517E39E443DC8025140596
                                        SHA-256:95845BA85376D323DDE4DBCD39BC1B8443A5AAA3123D1F06241FFA2F528700ED
                                        SHA-512:E7FD365C7C20C0C0DDDA66CABB963C5DEF50981E02B3AF0A98A35E9DA30F6FEA625F3FB0AB95DE1CC3074A5E9EA3829AF7A47331E48CA53E70702AEFBC174A4A
                                        Malicious:false
                                        Preview: ?...$.i...s ..z.Z=m4('.@..Q....U...'.f.a..{~B.......b.(9i....G..>.[../.q......W.&R#A...........r.6.^p3.j1y.z6...x].....|.y.. .8...PCu.UX..|../.-o.d:.N.I.wx....7*rt..o6f.........'Cz.<.z..G./k..y.A..!.....-.yq.......G...Wa..cYu.....|...S.....H'?am......t......>._0....&c..0.......P.......@i..2R.8............u.P.i..Kj.U+Y...[..P.7.....A#.!.....D..@e9.0A....;4.Y.P..vA.'.;-..qK}...>,c.'pg..TX.......o.E..5......b.........a..n.wu..hd.;XPe...^..f.....xj+E.O.}.."..`.v......N.F/....z..d.J...d............$..........v.:..u;H..h.?...Y........~.. ..4.v.,..].L...'.tnLgX....Jw.....r..ia#......{~.../.......:OL...O..a'..|q."...H...v/.f....F.......(.......nb..|;....?.]9.K......;Sbzc....7a@2).oOh<5.s.YJ.A.N1.s. .?.....u>k3.l.1@j.G.0jNB..Zg8i......o....6.0..j@RsyT"ccaN....F...o.C.8Z.....;..<&\@.=F.y.7.w.....A.D...[O.....J['].~"<Z..?A(..U..%-.....8*.E..W..k..-6`.<^x}QKJP..B9.......=..$i.....f..^H......\..F.......U......f(..V\.......8.....i.:~.H.T.kS...
                                        C:\Program Files (x86)\AutoIt3\Include\Visa.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):40507
                                        Entropy (8bit):7.995278295857285
                                        Encrypted:true
                                        SSDEEP:768:FDlOA8vHqTkgCvxZd69ows+L+I4cHniPLOto6NOzsQKrfOP/jSwigu5tlM:FDgiCpZY9oJmy6mzIQKjwig8M
                                        MD5:D0871B3C5D42B00A1A92B8CC1D62D107
                                        SHA1:38A0EC607574A923D33121BE8FBD9C867087F5AE
                                        SHA-256:31A6C431592A70D0F6E826AC33FAF337FA5E2BCD6D5F73963B6847D95158F4F9
                                        SHA-512:5941D9E942242E18EB7BE57CB863A8EBA8B9B1AB554955575746455F7B59F56A60D7A61890A71BA7F381992BECA499AD3C0FA11F17E00F2470C2C0D605EABCEC
                                        Malicious:true
                                        Preview: .C./.dI.....5G...6F.t.1.a.>..../.....8...7=.$ej=.b..\...?,..Y..V......+..P_.Gi.....%.O.....G....l9..C..D.:k...yw<....>,...$/.^.3S.t$"=.7r......._.N....|.hj...,...A.N.5........a.....Q7..Q.f.g...f.....Y...K.?.F;.l..~w.)N.f.|.._wIwo@....R...+PH.Ju9....../.9s$..Ij.iC]....+.`f..a.....B.]..c\..AKA..-.q..U....j....*.7y.._.>o.#p4%>.*...F..^1....$m....;.G...t..[.e.R`.$.0~T...Dt......T..<..r.N....W.X.$..N.....P.&...!...i&..Y..".^.v.!:{.!...V....2H.. ..Y..j+.9.deI..b..b.X>..G....v...v].r(>.B.............$.%........=0VT.Gf.V.qQ...=._H.*.{.. ..=!...6B.. m&......\.....:.....,&.._A.Bl.u..b....h.1.}.......(..\.6}..mt..?...tL....+.9..xM.{...#. v[G..6vq...d."..5...4%....pF..v..@b.s..c<.\v.C..*.]l.snK&z.c... ~st.....j....."..S..\c@..g...'.L......."q...\.....y.5(.ws.,..0..4...'....O........@...Q5...#+_.H...D.%7{...a...A.-$..`..9.qSf..3..d._$$.A.]..,.6.T|...K....~.T.K.c3Uk.......I..-.4..6..n.z1....3.r.|^$..X.....Ay...O[).3.C.....V..j.........f..O
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPI.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2054
                                        Entropy (8bit):7.910196916678633
                                        Encrypted:false
                                        SSDEEP:48:SrCYqMZ4uE5yQ6Aan3/WOx72CtTRGnVhZIkw4E8/:SrCYHeuE5b6Aa310K4n1Ih4r
                                        MD5:CE4F4C7296EC761A9173C6A73721C4E3
                                        SHA1:A1F111F7E655AB7D82F5F2D7AA8720CB55F28D26
                                        SHA-256:D84F1CC0FE70E7B714D7338F2DF5FC8BCB14C02481A2D25A3F6DF78B35749446
                                        SHA-512:1F0887E3995ED9B94468FCDDB438C6322EC722CD8A5F7E1AFF4C737BD92490CADC0E659E9C6EDC1A6D22E6716E6333DD3DD1CA9978B674B8572354A37A3B0B42
                                        Malicious:false
                                        Preview: .z.z:[C....a.~Wn.D..&9...#&Z.D.k.<C4.(....d.|..R .9.*-..A.6K.p.3.J]..x........b.......l7.......e.9:.8>.I.7..I..\.@.i.;.... ..:G..r,.@....S.....c8J5\...q8.#L...H.:.....s......]d....5q...M..M.....!!.z.s&..!......k.$..a5....g...gH..!... ...rWe.^qS..DN.!..Y.0.b=3.../........v._.S..X......K..9.j._..8.$.......2.9L.C.......|...r>..+.6....#6....+...LT....:A...B.T..i.....1....G..9.:GRz..]..,/T(...?im.....c....7_.z.*.S..6..JU_.x6...'[......S.6....1/.6......U1....jw.q..&.<A...L|.|......................$...........j"E.2P...G^L.^U.....D.U.DI....+..E.p.-./...C@.r.u];`..._...4*..m..|.&...."....ui...O.:....Z.i.V.%.!..;+.\uT.X.}....tU.!Q?.Wy....jp.>....5..`....Q...+......$.I....!....8.....zXv...t..a%WN..Y.[p.XX.Ns.od6.:m0.C?.$.f{.Y.Q..@0U_G.I..d....7x.l......[Vx..c.`N..m...j...1L-Z2..G.aPIu..{.p.7h.w..iT&.T..n.oTB....~z.Z1&dkt...L.^..;.%..rx....G..N..m....q.X....S.....>.......Q....z.p5..Mn..%.s...[..,...Mf.{.R....A..e..p<7ei.kN..E..s.]f:U..f.B.*c.bx.
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPICom.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):10086
                                        Entropy (8bit):7.981868898198873
                                        Encrypted:false
                                        SSDEEP:192:ErlKFgbtOjAuxzZf9VIHw3Q6pXp7RWDgfGC2s32NrEdauzrdxxm8DdHWeBt5Rv79:ErkFqKhIHw7pZtWDgX2i2N+h9tWeRRwY
                                        MD5:9EDA4086A49DE7E8A794EF856FBC45B1
                                        SHA1:449BC8A608041A0C366DF3FD690DC5A20526938E
                                        SHA-256:0FF4B9276A769FBF2A9DC5BDBC724B92E19F803B37AEC7198F2228B1460BE165
                                        SHA-512:0CF9F5B599987436C8AA6146049EEC28ED4091D83766265BCA6E08076A762A14103C844E53560A08028DB2666A3E5424BF30C07980D32B2734DBEE77AF35ED78
                                        Malicious:false
                                        Preview: ....iT..Zo..o+<.7g.r..[.r..&...>.; ...}.....3...-.TV.k.s+S.,s.pq....)..I..l...x...8.w...$..N\0...R.....?a...a...6....d.....([.s...............\EBf..7}>al....E.+.2X.9.I.%o3.1....j;.\...] ....w.%f..S..e?h..k...V..-6.u`....uB%..*.....5..........z].......[.].m/k^.Q{..Z.m3 qwX..G.C...f|$P....C.p.ANxa......0L.. .y....W...|....!..z.E.woFI.}.d...c.....lwm\.?O.z.!.^\. .7..O.h-.i<D.g=S&.a..N.r....c9..w..B....Q...A`.......&..w. .c"..5..d..g..$b../.....Kn,r+.wM...O..".j....._..<..q.1....hC................$.P%........?zV...z=.?.......... ?y.8=.A.fi.!.0n.rd..Qk6.,.n....d.!Z.WK?9Ft$Z..M8...J.f..2..y...0.Ct6.2!.....dJ.*..&.#.....8....\9`...../..t.#>.7.7_.....e!AT.h....j..^2..$.z.7..g......w~B.....%..x@k6..7........oRo.G..H.V........B1....+v>...yjQj%fT.1.y..s.f..Q..8:.....[Ot.z.]i>.S...V.uJ.!.a.|..k.VVCv.u.....*......4..cs.[......tC.B.W`.....?.}......"_../@.sH.9."d.i..._g..a.|&.I4?..H.:G...d1@....N...........l..0]X..E....zu..N^..n.gm:.(j[...N"Q"..[Y.
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5807
                                        Entropy (8bit):7.965957851133472
                                        Encrypted:false
                                        SSDEEP:96:Co7iJuWElseDTV5CLRI/lGfkqlHcYoFWssftGV/722n3HlkqM1qKenN4m:P6Pref2Lu2BdtG/72iljWj4
                                        MD5:3C0997D4926C925B7693D6A128078878
                                        SHA1:EB5F7F1BEEE98C76C54B2BA6A8B4D43CDF576DD7
                                        SHA-256:B71F4AD5E5658018566FB29533B80F6E16533B435A415684F9817EC2FE741242
                                        SHA-512:02D4121E5A2DEF5F15E380F620FFFB04D51885382326A9B050B07FF9A6B18BE9C5234444D645EAD81F32045E3284C722780A1CBC28BD6690A483388B5EA3CF9A
                                        Malicious:false
                                        Preview: @..x(...0r....&pg.....7b;.j.h8.}...L..-...(.|.[Q0.T_....up.%.n...g..7.4i&.?..T...{3?...j/wQkq.H..N)....B.A.G..p..6....2.v&..t....v.d'6!H...3.s34..vs.^..Oo....-W>.v.X.s.I..Y8..s.i..T...X..........-......I.^p..A....-..Te.|...w.a4qj........QWb.7.1..i.d......f...uq^~.^m_.e.....:..;x.y.t...-.Y.kB.......U_l.W...8.....c.j.....d.[..O'2ag2m..u11..l'i^+'m..oq....I..B.pKgj.[..L..G.;....c."..T.gkvU...?H5..R....zg5r.g.pW;p.2C.,7.Z+b\.:...}..=3..V2....VU(./.'-tBAR...[...J..k..s..-C.bNab..\?............$...........aIY....|.I..B...D.%....o....O..:HN]..n..L.....j.......&']S!@t!Y.L...6;.>.Q.&!v.s...W.]..nf%6...B..x~.Z{ h..+.,.'+.$..{....H..;t@..Dr.U.x...R. ..wb.y..k[.Y...<...*.<..../.)~!>.\.'L.g..L,......=P....2..t.i...5..48.A..:..>(....;.ei...JK.5..q.....a*.....*..=./.6.c.?7...N.....B.sU.Z........A..K$.......j.=Y....c..M......'..0O..v|v.j5...yY.:....b.>.V..1..h...%DqY...=.......O.p_.~....c.Geu.....2..*c.h..)./.....[.!|...Z.....r...p..B1.TUl..P.*...Ey.
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIConv.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):29671
                                        Entropy (8bit):7.992715987502673
                                        Encrypted:true
                                        SSDEEP:768:sK0NROl60gQTVB8o5dCKBUzK41oJ2v11kG+PrMP:QOl60NT9EKBUe4ZSPrMP
                                        MD5:3C74255853E65AC35CF90A0843187FD8
                                        SHA1:765774F2413D50BED14D7166172FBC755E199340
                                        SHA-256:67C38EB2326324008F9AB5C27FF5C68237D6D7D502D97D0501D1F1DF0018E218
                                        SHA-512:5EEE744F550B383BCE093FC0333DA6FDFC6FF2D7387154D1DE90642B39EF033A4E0EFA41ED97D3F0168F73B5E5FDA07470F2AC85676EB5C4FC426AB859B70CC2
                                        Malicious:true
                                        Preview: ...}.J.....{...(.eQ/u.x..l..:.t....R)B.S.........b5.pf.5...s!.oq.....(.U|O=.C...b.!f&8$.K..=8#<LO.6"wik.-q.;h.....2.~.k..$5Fk......c8..(4+'c....3...5tG..r...gB"..K.`.n...ZS#.C.Y(7.8....'.*cBG.Mc..6...F@......T.v&x*.....&#..D.....8....6i.8......-.|]...j.7BKb._.{wF.FY.+=.F@B....1..6...gm..u....u........9...Vc=4p....:n.l?..L-o....abO.]w-.A.j'.W..l.~.......s..?Q.Lb. .}.....m.7.\..M.|...-.9S(j.[..o..pY7.i.U. .6.[..i3."BZ;Y.c.H.........Tr|....,.!m].Fc.....b.)w\..j[.i;X5.[i...ev...O....6.. .\.............$..q......O.mY-...\...Z..u..a?...U.-..V.9c@..K:..U..EtK.{n....R.\EDi.8....r"....o..`....zziE.e.yL...."...."b.u...).[].HQ,...6>...........VK{.9..".l*.....\=..../R..T...o......,..a..3.2F..Y..B]'/............._.;,e....J...r ;....ZR..4`..<.>u..\.,.f.80D .i..\]...&Ak..y?.H...6{.ga?].~.}....}+......x..!.>....Y+.....{.].......A....../..'.....!*V......]......T..".O9...B.d.q$.._.J.....C..(.!...'!.Q.%\T...,..Qo++....I...... +.FQ.Q...<.S....\..{...;
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIDiag.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):33434
                                        Entropy (8bit):7.9936553094294105
                                        Encrypted:true
                                        SSDEEP:768:lKQfbTiW9SKr5Z714u/4xuz/KINMhRYhanepfsAAx5VMR1:EeviOlQu/C8i9YhffXU50
                                        MD5:C119F73FEC00978E0CE9829A2F918C85
                                        SHA1:52FE92BE22896DF788C71009C377E96972D8EC6A
                                        SHA-256:8AEACD2F7F178D52DA44F1874A81E4BBE65E7D4F3BFDF84565BBF05ECAC36235
                                        SHA-512:0495249709CD08238780D92F28EFEB36C2DF872DCCFBE392F8DFDA14FB64E679368ADA364357AED9DB0AC30A9A9676406337165B82D3782456A91032512EEACA
                                        Malicious:true
                                        Preview: .;I~.......z..m....r7..[...?.n.....O.z.).b.....dCg...D...d....5.d.L..H.....{d.Xg'+h...&8.>..H~n.Lg.-[.f.i.L.x..3.lR...S............*..3.z.m.o. ..1.g..2...5...rt_....,.9.........4..F.-.P...s....J.!.f.\!.g...@B.b8...p.i..%=..@+,.E...2..Z.q.}(..3.j..]1\E.....@$. .C.\NW...r.T...=&.I8pw...'.Oi}...0....\....#-.r........N.m...K.)..q..%7..V.g...l.."@?.._...O..I....VN.=....)m..c.O..q..$.$......u.V....../E.........0-..L...'th.t..:...Q,..o?.R.}..I*$.w.J....Iu..".}...J....q/.Of..r&..].c..\............$...........O.y...\0...){...B....._..q.-.....l`I....^.7=J...,.p@;...y.(q#.._j....;...o#......6.F..@Y{.4.- I.v5dQo...2.f..v..h...2...Ta..m....$g....Z.f@'.[h.........I]......C|.7z..U.`.......c...v.E..........!m.CWsU.*3...m.......$a.$/....ft.....!JV...f80y.qn.....8........].}#..H.7..w..{.P...,.zG..3P.(.w^...8C.w._a.P.T..Y*.*7~.|.Y.#.o6..O.x.Z..`-p40.|.C..|od..av...........*........D.vD...;... ....%.Ji..)......c.5`...usC..........$.22h\.NA...\.#Bj..,..
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIDlg.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:DOS executable (COM)
                                        Category:dropped
                                        Size (bytes):39558
                                        Entropy (8bit):7.995386729917988
                                        Encrypted:true
                                        SSDEEP:768:M0HwULXkO1zdSwCEHoHpGWsyu9+XbyyzsrEIsHw8:ZHwULXk+kwCHHptVq+ryyMb8
                                        MD5:DEF7544D8DBD0F2FE88FE58B6A5BFBF2
                                        SHA1:E7839A678DADCA19CFCBA932122ACF3A7495C0FA
                                        SHA-256:63C3F749F08A5AB46F7C5355C22C681A930B9830E6EF40A6976AFBB59F894A8B
                                        SHA-512:C8ADD1F6544CC5FD85AF7A3EDDFAB2FDF4530FC435541C7BA943384FA1590DC4D1929C716DA8B937C984DADAB5870B31B8B915F23AB4DC99D3A3A5671CAEB502
                                        Malicious:true
                                        Preview: .d.Xs.w...s..^.a...6..t.)..\....n.&..v.(.&.3..uv0K.Q...Q..5l.|.c.....I..... .GM....F.!.......{...-s).V..}.....#.K8Uw,q.2mh.\.......=.8...;..$...s1j.|7..dJ....@iS...n............S.]...5f..l.\.1.p..u[?DZ.......P.....m...{...8......o....u.|.V.........u7.=..I-..{x.H..`..1..j....+0.gp.v.?...F0.....!.y.nO&. ..q...].H......U~...guo[..68:....s..R#t]....mf.R....[:.b.....Y.gB+p.).K.....<...].Q.<.Y...?%....W..Ve.q4.]:11....R;.q.....f.9.I&.J..Z..6.,..P..2...,zx|..=...2...NA. ..!|p..;..8............$.p........5,...p...(w:?..:.R...y...NY....-"......d;F......U....key.W.I.n.....Py.........._UwTh......>...Ed..\.....xpw.u....b.I.A.eI......;c..2....D?/.}.[....Q......9...........@v.D..Af.\b...\..J..2X...P...,M.9..Y.........3..a..._aV[.&./...b^..9O..Mo.s.oQB...u..5....Q.*...f...o.......cl.&...9....gn...YIE..tg..Yl-..E..9.|F.xI8.;......j\\.1..}......d.<.b#..:..Z.uh......i.V..MI.@$ ..5.V..5.y..7..(.X..!l....[:.km..c0.(W....{..D."...`."..+v...%..Q..>.
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIError.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):12436
                                        Entropy (8bit):7.986616527922374
                                        Encrypted:false
                                        SSDEEP:384:zOsT9MK0q/divAER8gpLghA2rUpkztdXQmXCX4:zOupp1i5RjSjrxzt1XH
                                        MD5:59E7D195432619D97AD6A3F3368451DF
                                        SHA1:8B00870F80EA86F66ED2750BE8A530B19ACED6A6
                                        SHA-256:11051D698CDF761661DCB52803AF099346C53ADE309FE5327AAA358C7A53A3CA
                                        SHA-512:7596A4756D7F31F915A5E5DBE00AB5DD0474A110077F55E5DC47B0F429F4FBDB6704A8C4C555294653BAC5D09FAB297F5D15B49980DEA16A66938CCB09738744
                                        Malicious:false
                                        Preview: 1.p..Bx.w.C\.....Sg...T6qU'[c.5[..:.z..#e..X`........g...xs.I<...o.E...6.|... n....s.....U...&.U.cQ.....].<x...?..t1.....U..]..U.oJ.p.8v..h5U.X.R..{zb.Nhy..=...,wWA{o...M.j.kY .......M...../.5P.m.-..B.s{..tyQ.m<...5L..T............T...y.....D..tFA,.....h.)../.....$a.Y.1......x^Y..@.1 Q.Y.7hj...=Zq`g........_.n6.?...........Y.T..v..B..;G..mF..|YF.WT.h...[>a....3'.3DC.H.x}.."Vs..e.5....h2..b1..(u.... hf...H....\..........c.3...".`.h.....{.......q;..(..,...).....n.}......X...x].J..T.|..{3............$.~.......8q-..G.....",....>........\.....wxBk.....K..A#.n...=....(....MG.+.w.Y.......}.2.V.T....U. ..".5y.....m.]d%L.W;K..4.V...@]./.X......J}...Z.~K....Zr<..q}6...%.o(.Z....@.Z....?.......u..yM....*.Y.....*....t...SW...![...$z..{[....s......}0W.~.==....P7.....).\.}+.s.x.....NY..B..H....g.....q.OG".9\W....i0...g.N..`."..J.#*.~.ex.....M3.<..L...&.w..Z.....T........@..@...}H..../.....P...a.....{.PZ-.j........-5b..."....Jh.]...l.J...R.
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIEx.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2141
                                        Entropy (8bit):7.907584317144992
                                        Encrypted:false
                                        SSDEEP:24:g9Zw1C5+0SdwP4D/GAkcNdlK8TN+c/6sH5Q3NzUuZYxhFKwtHOhvHmEBzf+3ACdJ:0ZkC5H4zGpchKAqGPJ8eOhvGEBbtCK4
                                        MD5:E9A8C1F2A4BADCCF2837CA8C000CADE4
                                        SHA1:211EE67D9530B30046160FF839026122BE63E034
                                        SHA-256:C287D69C9043775664E7185975F6EDE6FA977A0FF4490669F812DDA9B280DCB0
                                        SHA-512:2510F56871BBE439189F84BDEDF49D9305B8C5A4CEA1ABAED6104151E163A307AEF9274453662D795C5A79441D2DABEC2A411DD3B46F27F8FB3FF722F90D19D4
                                        Malicious:false
                                        Preview: ,......s0...y+9.{.-.2r...1r...+......./.%.V..........x^.E.H..f$.;x@.u..B........M.G..2"..E.nDg..c..l..:..).....smU.X.yZE+..>..c.8.M,.$.Lw.8....E..bROq?...t...d..F.8.u.P.gV..^X.z.n.....>Kc...@.\..#.{ 2....r...QO...U.k..ie........o...eR..........4.wv.B./.|(.?.'....b5q[....Ud(>A3......nsZW......0\_N.3..=..[.km.....W._a9...1...)p.....]..~..a.?..)...c-./L...O...|.E......b.@.C!..........I.H.". ..u...BW...*....&..&8...s.oq..pAy..2>....+.Tw....k.H...I....X.\....s._...8...J.6k..R.|..MO....\............$.G.......N^...&}....v.w.....^;E,.s."Vr.1./.KX.m.?...q..$.h.T...........`..K..):...?...?.....eu!`yo..t....h.P....I.u^.o.R.dR9..p.R0.....QB.7?.m.|....._...nM....~.G.RnO.F.mZ9..pT..9..nY.G_.I...0.}.=.B..Y.tF...ppcz...#7|ZH.c..~.(.V<.n4...p+e}.4V..u4PP...6f).3&2......R..1.d.....R.M|..w.!S..q..\..9.n.ll-F.Q...!. .a2*........9.y..y.{...y..I...J..|Z..3.....f..2...........G.......^o.....'N../a.....6..x$k.;S'..u,..'...X8 ..)6.[tp....|...H.`.h?.X.R.9..T!O%...
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIFiles.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):96281
                                        Entropy (8bit):7.998238382526252
                                        Encrypted:true
                                        SSDEEP:1536:u9Kh7+Rf0yl7y9F/oEFm4aNDfVA7/XwvyDvTzZGYPWLvUWrVJj3MKomrB6xA5yaY:u6sDl7y9CyLaZfiXwuvTlG/tj3OxA5y3
                                        MD5:B764AEA781D1AFDF0063B81509331EE7
                                        SHA1:842970CECEF3157F8B65365CB8D86821746E76EC
                                        SHA-256:ED12200FB5F4502D2B15106572C393D41C58C16B33EF9684AECFB81BC7340584
                                        SHA-512:8DF9AA997D7761C9759724C2C1BD02A2D1C8A48F1FB473049E0194EDEEE042EC24C289DAED5003523CCE7A0219D69D3B996FC6BB12DB4D7C2E4BD434AAD487A2
                                        Malicious:true
                                        Preview: .nJ7 l..C..9.S.;>2Mm5.(.....T...]woA.:T..1....!hH2G@d...j..#.....-...w.?I.V.....:..+..v..Nn@/p.dt0#..(w..g..e.m.).}xJ.I.F0...y.g..bC...%.....f..]...N..Vl..k9.:,..>.&...Z>....y.c....W.m.q.R...'.M8.wk.~K...t..e..`.{d..q.!..W...P..&~l...}...N... ...J.`..i..X.k).,.*....&y......!...'.;..U.....4--...:..zZ&.v........C.u[&...w.X......4;b.Gfi...........bee.}..#.....F...:....Kn>F..5-mU+a.h.8.6NP.. ..,...ZE.<8L.y_^..^>.#..~.......A.4.....e...[I......M...Op/A@.v..Y.s..=;. .l..:.....9(...p+.............$..v............G..o..a..Tt0..x..5....n.......2.....Fd.)._..+.2q.1)l.....|..."O........:.|...ty.c<O..u ...OFG,. .....].s.F)ZN....d..$.Zn.}B...2..$hdM....P.k..5]37..G%......h...|.|.7.v/...$.....-..g!7.Q...M.D..*....<. N..q;U..A(e..m...F:U..d.K?~.f..H......V..J........eP....[....$L.Q.....T......tU/.......=....T.?......R..TW{..H..G.do..pN....L..../.A.ZE....{y&.......;.O\?.&......).n^.8..........._.=~..s..........r3.%b.P.._S|j..J(.#Cq.R.....2/...N.2c.{:}...
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIGdi.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):204183
                                        Entropy (8bit):7.999184151885264
                                        Encrypted:true
                                        SSDEEP:6144:dMQ9T4Mx6WdV8ztX0rVcBzJ5fyzO8HHLsykd:5t96WdV8xec35fyZgHd
                                        MD5:515C3E53D29F6616CC5B4BE28D67DE5A
                                        SHA1:BA42AFF2EB56CD9B9610FB6C521B739CEBBA2C9B
                                        SHA-256:3CB51D63F88C7D1502BED915BC6510C9BD2C97E6F87FD740437AF3F47A9A54D6
                                        SHA-512:441081F204749F12299D47F1EE51DAEB0CC4EC32D9470A74BABD6121F0E877D6C7B361FEA08111C1065ED3468DBC14CC222EE7F303209F1D982C5348C87EE1D1
                                        Malicious:true
                                        Preview: ....}.....?........`..-g..7!S....>..../y...+.1..?.U*.~z'.J..}.M....N.c..r..c..\......V.uDc..e...w.....r.t-.~.roP.u....%..f.`..n/.r1..8....X['./t..`D?..|.w$.G.d.3..........y.....z...^4#.....g;.....%:..'...0.$.U.<8....,..B.}:0(+..A....Ywl..y..r..f..X....-\....-...Xe.4...%.....&8...T\;..K.SQ..3"a..zu..#......S.h.r.U7.-8..%...P6.L.....l....]...K`.O..I~.....y.......[..Ls&.a.!..n.r...1._....Y....0.k5...EWkQ..gCj<lT8...V.#W...7....|.=.......r.1./....0....a.%..K....<.G#&....E...E>...EY..............$.........Q......f...a....K..{T...+..r.....k..e....hU..J...x.f%>.....Rx....URcfWF=..3....J.KK..t..p|..L8N.W...>sE.../M.k*...e....xAM..wL}v .N..W7..:...]....y.E..>..0....>..S.~...W.>.....H......EQ.c.....!...>P3..T...f.%.k....J........|....TN..f.@.,.u..=y.l...f..8....}L......=.4.B.n(.;a..8.'[A.|.~............x..........A...H&C.tT1a....&..m......{.}?g.%j....l.A.j.<Lfr&a....O.B..T..#9v..J..W..z.$x..w5..........^t.qQ%..J.B...y.Dj...(..F...q...A."Un5ai.....
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIGdiDC.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):20549
                                        Entropy (8bit):7.991284599206235
                                        Encrypted:true
                                        SSDEEP:384:Zz4FqsPc/PZMm2V6y4JelJjknDiora1Tzj7dO1oXN8hv8W:Z0F3qhMm2MU7jknOkIko98r
                                        MD5:A8D1E6AFCAC4A7FB2013C731E3309DE2
                                        SHA1:BBA935944390BE15D0C423B2C458D450EF26D966
                                        SHA-256:5B2B683E69C0679C722E37AED6C749D8948461EA18406FEDB3A97265DF22C91A
                                        SHA-512:CDEE9664B0B8217766EB4F9FD44C471CE25913E764237076BD6772647C70D3D5127F9E65BCC0CC122C6F7EBE93D20C5DCF573922568975092A17418B6E662C20
                                        Malicious:true
                                        Preview: .To.....1...8S.._z.K>K\!.S.....,...LQ.^....@..Z^.X..3XPs....j^.a5...q....^A.3...!4...l..~.aUP.]'`k..j..d....!....?....k...77[...fO......>%..^b...+....Q.d..Z.y.c,.,zL.....|. ..:...=HY@.Y.F....n....>...4.>ONwR.....<U.T..l=.....5...b.o....Ki.....=.l...&...Vi.+.mZ9./.y..U......Mr..........^...E..u.&#.....m...gh../.r..KfS....i|'...T..~.."......Cv..ec..{G.8.<.z.1..... =..V.5.5...x....&.$.....|.....?r-...&.TDQ...zE..5U.tY7...)v..|.V...1|.....#.x.H.y.{..7....G.g..9....SaE.MSOx.......$6_............$./N.............o!.l....y.-.a.6.........8yTi~n...:.Q..gr...Y...d!...#x.2.\...A*1.tx.[-./.m....Z..C.^.3).t.y...P....."De.Hpq.{...n..#.......x..h.d..Y.W.......~+..q.(C...Irc.W.+.3Bf.\..*...;Y.........wG.b..5G.5.t.H..,P..o.yH..,..F..O.... .~....:.C3|y....h.(.'~q...~E.ed.7.`,MfJ....T\tR.CC,..F-.....Dr.u=.612......F......N..P.....B*...z..:8....5^.@..).w ..2.'......\..H..|...+;...,.c.Q.A.;........ ......p..(.`.....;.Q...........Z8...O.Ye........{j.6:Id/#.HP...
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIGdiInternals.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):30092
                                        Entropy (8bit):7.9930729906915365
                                        Encrypted:true
                                        SSDEEP:768:ZXnCKKGgQzpidx+xV9duQSgMu3l93s2+WzZlcrJjqml9xO:ZX6GgQzpdIL8jcCbmlm
                                        MD5:4425103C75D843E59D4313C8BD19ECD0
                                        SHA1:1B0078588CFAAA1E056C6B08539FD68AFFA01318
                                        SHA-256:568247C5533430A84526F5CB19BE49C75DF70AD4AD2688125ACD751549919512
                                        SHA-512:64217B3692381EEBF51699BA9C04C6B1174D6DAC77F9F298E299F0F4856C41F53D9608D3C16A27AAAEA838EB151ED9ED8BC8F1E383C75E7C1D53E845B3BCFCDE
                                        Malicious:true
                                        Preview: ........x.z.......].......m..uS.b~p....T..k.W...;.......)...1...W..E..|.n.C..|....S..$m....vrUZ.....Q)...5 1Qd. /..Y..8...?@.!=..g/.h.'.^;....>....[v..~?..2...v.J].4&Y}.....e"...].D...8...P.....1.]......9..U..9.v,.E...DS@x...S.....*}B...\~...,`.dM...X`..... \..w.j..f..U..M.!../..&.PS.,7.tlc=..2...[..:':7.M)...(...;w......(..../.s.f..K.A..D.=..e.i..X=.6F.".6..O..##....z...,L..~.U.S....3l.JN...q\.....!......~...6.....@.....q.|...$.;..<..Z.|...A`.p.pl.}.qOOs...".....2...6;*@...2..............$.vs........*....nf...a.{.b......Z.J.>...o..AXA...u:..-.>......S...0.6B...UP# 2.>.[_....~B.....;..r.D.W.HzL.>#.GV*X..?...2...m^..;.........+..}n0.A.n.+.a"..BhgD......B..2.. '...>..su.#...".J2N....e.N..|....9.tz..- ...N..8...7PQC?.......p'[.u.<Cf.5A?..qF.py..........x....q..........e.b../...0..(.u.....c..-.........w...,.....&S.C.fq.z..5......1...G...Q.....e._.].g..{.`'.;xO[..0..k.......Q..5[..w..U...^.t..-.[...CRcA...P.... ..(i..-.@..8Y.{.
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIHObj.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):13649
                                        Entropy (8bit):7.987417741643643
                                        Encrypted:false
                                        SSDEEP:384:HccMkEdcDQnuxotYwSL4rROXtvCfAc948IuUgN:HOdc0uxotOL4rKtvqAc9ZIuD
                                        MD5:79CA3767620881C0CBC1D350EB12B65B
                                        SHA1:345A278B16D70DAA94CFD96F9DE482FDAE52DE08
                                        SHA-256:5DD06F468C0EC6DC6C8170EE3A5756D0F4F9E5963214FD74AC7123777F3CB1F8
                                        SHA-512:C6E7A76A0BFBF5A4B3AC954176758FAB0282855BA6A3B4E3DCE6E352189E5498BCFE7ACAAC29A7C74397E3B8C141890FD57C5A1593B4AFFD6EB972FC4450EF10
                                        Malicious:false
                                        Preview: ......T\...5n.I.....bwY.24..T.y.Yp.x>..z3mO[.0.....F..tY=.........zKL@.._..7\..N..i.8.T.b}Yq.E....o0.N..<S.A.:.S.8n..;d...-..pz@..h.....y.OL.)........z...3..Cn:...#)r......<....`St.>..j../A.]...R...^;C.[..,Wm+cz..8.........?...>.#...H-.......6;6...M.$]......P... A.l...*..r..a....B..5K.........7..S.4...E..qP...r..u.L..j....V....l.w.%..XJ.3..Ml<...I(.3..Y$.#..t..B....u.8......?.T.$.1...#..O_f)1xy.(..ZW........M.7,....!.`..I.O..QY....vL.....^.....6..$/.....[..%u\....1.l.V..6G.{u:.....`.../.............$.;3.......Z7Y.~.Tn....kq.....tV..M..g.<.aq..l8....m.0[L..1..d.....<.......U..:<.7.z..|.g.K.G..gK=.5......z...5..av.+.O....<....,j.W[$.$.d....|.....X..C..*h....s..+.db.~..+6......$....#fU..(.m`.Lt.=.......@.d.~.s.x}..$r.....y.....6..&~[.(.k..../....#....b(..w.ZV+k1...a.L2.z.k..F..t).14..h.*...z$6...'..D9W.g.S..bz..X.3.......#.&.o=..o.6"......B#.[;...H[.2...hb!.......I.......0.L.{...L.....b...K~n.;|'..{.bOghv.^M...N....`....Q..[...C..1..(.X@L...Q...u%..2..
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIIcons.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):24603
                                        Entropy (8bit):7.992199238624513
                                        Encrypted:true
                                        SSDEEP:768:UJqpuybvUoVMq2lgXdgyqTFt95+vWdQKycyp56:UgpdUv3syvlkvG506
                                        MD5:492AD116F78E1C22243F4EAB384DCC46
                                        SHA1:25FA1FF5B07684569926354B5A905121667D5E29
                                        SHA-256:5952A3B050784BE4C8A2DB9ECD1B77425B75DEFF937BE73DA5913DE75B1927DB
                                        SHA-512:2C43751B06F8067ED63F3F1B94EA285DC7616C527E77B818A617134895D2C1D2790BA251DD449EC50551030BBD2E71F16C9F15FA764DB779244AF1C3F2B208A4
                                        Malicious:true
                                        Preview: ..)H.H....]'l.>r-.`_B5..3...B.]g...(=#...y...H..B.^..d5..I..X.Up'.b^.t.,r>._$.Y..MG.._.....b(...7..d._.KH....;.i..10.U.{...{..o...)2d..C..x....x.?...r....a.....%.}.....d.d<5..L..p.QQN.^.Xv...F...X.......r.....].O.\r..`f..F!........0..I0.F.jr..u...?.....%.Q.....&):..q....B...=u..bR4...q.. ..f.b..s....8...n.c...[O..=l.....t....eyJ.IcL.....1.l.....u4....k<...aE..6..^..e.....@0.c.:...n....5...~.C...~..rH.n.m.uf:.2.G|:..&.A.....1xe.#.....L.4.+...Pu.O...I*.).5..(...r.:...-dR.V............$..^........_...R.T^G..c.M.B...)x=.W#.&.o....<m.....D..<.#p.6g43^aA.\{'.EeRnU.G.{,q....\..B.XI".U.".:.}.9sm..........I.x....x....-H.F..9.v i.DD.s.v..|..#.'.........J.[t.f5.G".......;).2.$r.j):_F.`<.]\...........0.d.o..)\.0.\..h..L.:`...M ..7.y...m.\....]*.....p.....FGoi..(...w...#..ne.G:......^...l.>Fe..^..\7...G.}.....`.~....[.G..24.,k:qpO..0..>KlO......Om.;-.e.V..u.......-m..;4q..a..=;[3.@Jt.yQB.Nc..#..|..a.nM...k#.I.q\T.n.e.e.;. .......8.Z...i.....
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIInternals.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):19405
                                        Entropy (8bit):7.98931522574926
                                        Encrypted:false
                                        SSDEEP:384:6XZ8Pkm2EJsLdkDBJzi4w2YdbkBizwQNLciBmZQjaTUFPEz6fHdpy3OcvAFVaA:6XZ8Pkm2EJsLYOdbOdeNpewFMOPdprF3
                                        MD5:4749B993938FC69BEFDA26AED0D614B4
                                        SHA1:B94E60E967C80A7E5705B25E86FCAFC76FF38683
                                        SHA-256:FBA78FBC11DAD5BC38E88282BD39543C67672A1CEA08D5A3CFA1E48EE80FAC68
                                        SHA-512:D566D164130973A58E7E0A7D098456F3FC981C343AE33D1CE6CCD6A073D2B64B4FB633318683D58D650049D71DCEAD5C5108222477425FE958627274848261B4
                                        Malicious:false
                                        Preview: ...xX\k.....ea...+y..P-.;......i]x..6..:..f.{r.L/Q.V.5.W85....d$...C.!.a.....C.:..7...Q.-\`.;._...u.....9.X..`..|.2\...L..J4...F...GmC..k^..D...2Xl.V....N....9........U.!_.yR.7.....0(\.$<.=.gt....v0.\O..>...QX4.<d;E8.e..t..K......%....1.2;+e.H.Sc.".n....X...Ds....."..^a.*90......y...0...`....1d._.g.Km.....|..M....S5"...S7-N..ZV....&%.....4.p..{..B'.P.Ro.......y?..v&.....&a.^.N..83.`.V.=.;........%......q.C..}9l...%G...n?f..uM.7..G.+...[.$......Zd.%.q.m...,J.c.(.L.g.......8...*'Y..'..XiL............$..I........%m.y.x..Z..4.s...x..H.Z.{a......t-.G.i.S....q.=...P1{`.Hf.k...|U;..?H.f0..K....ua...K]..H...}/.4.{..In.1WA>L...K.p..q.yl....a.......hlts......._."..*,z......VQ...[..?.}......[#I.-.U..Z..=..[.-'.u......:.1i..8l:#...........2+;3..u.+...P.RG.E{.Lc......MfL.!.1.(.)..E.>.m./c2.5.$1 .`1..Wt.h..............bo...*K....DM.o.*.....h..z,..[.9....._.P.uP....H.U..uy.^.(..W.w.t..G.s...".%6s2......... ..t!c....`5.......}%....K"...|>[..J.s.....(..J."(.
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPILocale.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):21381
                                        Entropy (8bit):7.991504063907472
                                        Encrypted:true
                                        SSDEEP:384:RY4VXd/6ykp8gOLejlLlXIZijxFCzWqEpL1D/cqkBLQx2yHakhtOI6e/iqGoxLKe:RY4UmvLeZ1IuqEpL1D0lLQx26akKIDlb
                                        MD5:786858C6122C9D74B8F7A03E1F5E31BE
                                        SHA1:1E3EA24FF9B1AB0CBF5D283BD2542FF39F5263EC
                                        SHA-256:5BF73AD7C63E56D26F8D7E580F3BBEFF4F77E5AE894D137AD11A92D625A4B196
                                        SHA-512:2F18D1FAE6B88C13C3E8352304B94E94E05EE44F1405A16E1D2DE3712DC940AF65067F6620751427A579B0076727633732E109F3252CBA1E7696396E9FB04059
                                        Malicious:true
                                        Preview: S...z..]&..?......|.:N...y%..1.nAa0...{..O]...."..T.K..0.7"h.N......G7....`M..Gw......&f.X..@Svy'.5.n.L..h....+..)%.W.,.dy.........2.b.v^T.{!..Dy>..P..w.4.....V|.gec...H.U..Hv.$....v=..+&..4[.2...=. e..-x..BT.-C.<.w8.!.&'.W....7.tNml...........L.:.."......5.Y....NK8....-.E....fU.m9.x.T.B......\...-+.W`.x=.;.[..^>{kow.x..yiX..0.................6.$......+.Y..6J.eE..M........RdD(fOm.m.......$$:.`:m.<....(.If..w.O9).j.3 >..,"...,..:#.!{O.0...8)...l...T.u.v.f/...{jPTe.[V.....-.g`T............$.oQ.............$2B.E....dw7..$p...sup....$h.{.0..5:.....:...k....G...|.....[.{Z.k........$...U%k....8K.L.Tn....t.?.:S......_.a^.K..I.-.g...o..m..'.*N.t_.V...G.1.Q.....?pd.RG..s.x.Kc..v>..+......Zte..".2....,.#...Pd...%IR.2._%#.!.......}.@.d...a ,.d...4C.||}..u../..R.Pi......m......?.....!....2V...9..........-........H:...1..T..O.&.....n.....$.}j{bN....)...".......N:....zl.4"..\..EE..2B..q5.!Py....4..........jvf.t...NN%.q.r....,?...(8x..l.0..w.d..n.
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIMem.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):22024
                                        Entropy (8bit):7.991784274358937
                                        Encrypted:true
                                        SSDEEP:384:nm+B0FLQkFVdYgFlf4bh4MwobuA0K9WrR+UWGwjo4v4fbIJOhaZd9VMwTQlIlK25:nmW0FLQg8qf4bh4QKA0911w04vOFid3/
                                        MD5:15619D7FAA1C9B181CF8ED1DBB357A9B
                                        SHA1:EEE400104A0041C7B7FD6F77E6D510E15036B41B
                                        SHA-256:6AC84F6ACAE34B45E76D35C8E0C305DEEEF7B0A92919EEC3B7F5ECBD7C6A945F
                                        SHA-512:01996EDF2B0687DC120EFE2CF0B233EEB73FBC15D9697ADD24791A4FC54BF507BCA665CF15FC6CA28D7621C611CF73AAFE3E3A4DB6B651211DD6826D4F030827
                                        Malicious:true
                                        Preview: 7..uD.z....w'......A;5tA.....+X.D...W..o..,.S.zUl.j....H..x.O..l9.5LG..=.........G1...........V..(.......`=..b.S&.E.X.?=L.....Z!@..[H.~L....(."....m.....&1$r5p3=.e!......i......R..g.1.Y.Or1|^.eK....tl.+`..._.-..p.xpg...1X%....J@........N.?P>S...].1..v.p.)...X..%:+~/.L.....\<..$S..vr.......s...U"..../+/"...&.3..._%.[M...(.)...q`S......^f.....9....fr%.....a..e0...xz9t... 0....%..A...{........@9...22.fqHSm\<....P.f.S)..f.q.."wg.s.@7x..*i.....XW.:...t.h.c.D.%.m@...Xg....~N.uk...q...v.h.@.............$..S.......T...8...Za.U.@...Z.%..G..W.j..er....7H.[j.I<../..b..X......._.Z.u..k.z.<G..b.xV.S...<.i. ...2.eK....B..1O&....0@p{u......y..c%9.g.]...-..[..J.y..(....pLOVb...\R-.....Iz.+...&.q....t1...'.M....)b#....v.K..7.{.F.!.2V.i.....*z.....mj..n..a|.._NgL........G....h..]..F9d.+q.'M.VQK%.....2V.;.....A y..[.......y..*..c.......:..>9.:.8.[ya.,5.jIz.u5..Gy..H.z"i.|.T......'..1.....u]..#_..."...`.q..EA.!/~*A=.w...pl.}.`w.G..&.B.......q.|^..R../. .....Z..J
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIMisc.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):14790
                                        Entropy (8bit):7.988545705651628
                                        Encrypted:false
                                        SSDEEP:384:AM9MO1TODOpxGnD/2j5Lgw1dOn/u5gd+RBzZoYjHAUQhPrUPV+d9:AiMOISpxYj2j5Lfi2+SzFjgxlO+d9
                                        MD5:386774D1F1BC92E968906B6486CF86AE
                                        SHA1:35820E59B3B2197FCFCDADF2F773678D5B97C9CE
                                        SHA-256:7C1D43A6E124D198039E759897BF88A42C128BE8F388FB01A8C2EADEA87CDE56
                                        SHA-512:EE09DB02C3D2B09471A0339CFE337C106FB08D4286C54B4F57F7919609AE26A02F31977207C320DBA29CE97B3A2A7CBF142147AD32F600985A61C0BB26E93839
                                        Malicious:false
                                        Preview: 1...!_.z@...J.Y....uX.]..m......9..Ua[...T.."..?.F.&...G.6ri.vV....X!.Dd/{TI..*..\p..6......a..U.4<JO;.....Y....%:]c..K.e/.U.,R2V...y..Us6...}.B(...CXU.t......E5'...2...Ra..7!.CZ.:.\...a.[...#d......+.vT..s_....mV^.s...F.'3...m....u..H.....l{...9..qL"..A%.D..uU..5.(.Y.If...|......+s5..R.e/v..LD.L..9/h..V..g.l.L.$cK.iE.\.....?6U.....o.......2.CW....L..l....7S..%E.....:.G.|.;C...zy.!.../N..2.`\...7Ng.k.J...i.<...\..0..P.k.\7.n.ZX..........:...6.Z:..er.....n...8.:C..K..&P'..=....+...?.Xh............$..7......f.i......M...^,....ca%.A./7....m.P....t..@..?..MwE..;...w.~.g+.l.H.s.lS...}...K...tLTz.Z5......._....jD.....2".Rt.oF......B(...D......'....^...0.E+....?.Q[.ztk.6.W!.s8..-...r.V]8..I~.......I.f............e=.{dIiA..b.s.....t~4.......rdMgQ....-.1.F5}........y..DW.#.)..W....U.Ls6F..NK..5&o...........d.W6.%.?].8T.i.....$..a ..V... ..?./..c...0a..4....Qt..%..3]'.f8......m.m.....w..A..BF...i.p.-...~.5.t..I.}u.-.~..j...\c..]....u.
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIProc.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):76854
                                        Entropy (8bit):7.9974343353831845
                                        Encrypted:true
                                        SSDEEP:1536:0zXm3KXf9BCX17j77ZO/Q1EcJuqN7lcY4gtrog9K1OED0o:0zXmm81377ZJEcBpc8Bd94OEAo
                                        MD5:EFA08C122193EEDCCB676D5245EA26CC
                                        SHA1:6194BF891DB6E0C2229DA9416AF89D6AD8220158
                                        SHA-256:9929EE36805365232B98979E24C6990048EDBD236F40D6150977BBCBF822DFAB
                                        SHA-512:733C7B578D172B04A3D24643152273C87A011985D57B18326C50CAD8FA8EF22F4CD66EA5E18CCB7F2AB96C41077AA8F4AF47B619F34BB93219CFEF3078E25157
                                        Malicious:true
                                        Preview: .S...CIa6...p.H....t.T...r}.]*.5.'..o_.....Vo.<...f..`..n.>.o.J.......K........@].G;.6...t....q........_...o........b..t.3W.l..@Vh;ay.z.Z..yo..`u../..b....[.;R...K..."v.+h...5.)K^ZJ.M..l'>r......kL...Xd..%1u....X..DVt...V.#.F+ K....s..7..s....E...L.Z......Y...E....e.Z./n..zB.../.c..b..r]0:......S....?.K.R&z.:........x..N....\,.......j...V...b..o...#.K^.;...uL..t.........2....5...s.G........lLh.n.O.....$.r.+..?...fHav.'..Xu...U.%O.g.....1c...5i...... ....x..._.4>.D.5...#.Q.1Y......S.............$. *.......[.....'.%.aF.H.g..!.G....;.i..-...J)+.&....-.9..Y.....4j.{.....VD.$...d2.h.#9.8...E..G..k...;=..N.4..Ij.f..,.j.O.}8e4n..z...A...O..?.z6<....:..D......K%.O.t.7.H..9.b\p.6.|.,...+..@3iQ)X9.6.O..'YQ9k7[..o.}....K....*...Ah?.3....|&.k...=V.a.&..5.92.....\M.X=S....h..>.u..=.;.I.1}.!...%.@>sq.E..J$..rr..#.C.o..B...|z.VM..J..>]y..x.B..G..f...*R..A).?....J...b.N...\.4....z...3]C...R....C[~B.N..6U..>......@i/...I...Y..:T.?.C..Y.4...v.K.....i...b...._
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIReg.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):32457
                                        Entropy (8bit):7.9942735795822575
                                        Encrypted:true
                                        SSDEEP:768:PT+n+t5bWpsXC+e98FBpxjo1bFuv4pTNNkeEok1EXp:PfTWgC+/952bFq4pJNkeEoJ
                                        MD5:70F94F462AEE439FB73206F3C9F4B3DA
                                        SHA1:463492AC742FB9EF501451C1CBBBF0266E261C3E
                                        SHA-256:B64A80627BA7B185B6333A00D372ED285B431A6E9449DD1421184D633660AB42
                                        SHA-512:940346E82667D7BCABDF118AED2D1A6424938B95B9543FC1E7353287E7C1305F7B5E6BB45BF26619F69C847B881B85A59DEF33C5E335BF29A69A07662CACD6F1
                                        Malicious:true
                                        Preview: I.z..;.......K.....=L.....4Z..j..I.MY&.Mj....+.Q.{...F5J$..IQ.E.].^.$......iX....I..>(Zd.6....O&.@..E...{.......#[.G. L]..o". .....EC.7..j{.....y.....XL8r..*q..M.C:.R...n.G5.D._.[.f%.3..w.x....b.../v..>.'"bxJh...8...E1....t.wT.@P......</...$~.8.....s@yx..r..Y=......d..#).H6zL...sN..P...m).?Gx.g6$..o.H5...^..w..6.EvY..s.e.....0ol..rq...%.....cO..C.C.%...?...p.F...~._....er..7..?d.R*..Yh...y...=thr.....H..s...@u".\..(>....~G/....Bh...a...$QS`.).5*...@.a..?.C,..M.."..N...!T...d:.x..p!...-[....._............$..|....../.q....A............K9..?..u.B..&......l....O....VtZ...@.#..7@s......#2.Qz..U..&...N.\.....<.....3.(.1..)..<.Kr.s.....<.b._vGr6.>2.S^.D..@..K...Ux......s...C`....W.A..r..G..FnE..~.6...*l'...`.R.......l.@6.9...+{p..r,|.>...vN..,..Y....,8/Y...g..p.(...3..\........G.c...,).:..B....Q......Q.CIW...G...x*..\....W.3.q......s;W;F%........|2.....D....'...~..T*...a..e.P......pR.aU5.4..<....P.t.S.J.C...7M..[j...tN.p.q+....E...K.L...9..w;K.
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIRes.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):38502
                                        Entropy (8bit):7.995569082843181
                                        Encrypted:true
                                        SSDEEP:768:RfqCuG6UCI0wFfcFQj9zzRJ1cOoWEozCGHeJiO9ibmGSefZM3K:RfqCuGHpQWzzb0/ozCxiYaSefWK
                                        MD5:A443C995425F0D63429585BF3D589CD3
                                        SHA1:8841901469F455F21FA683A7743C1165889D7A65
                                        SHA-256:382999E4220172ECE6D4E5A9F5BD02424DCEE276051F6C63EA3669E46866C688
                                        SHA-512:90C1972D29645C9DACBE83E9B53AA99C3C0CA3C9C6BE9CF98F6B7F18B4ABB47061DA74E3627466AEF98D56831FE0BBE83F3D69EAB08286940DE82EAB5437D0B5
                                        Malicious:true
                                        Preview: G1.gJ..L..1.R.}..d....../...Ie.X...]..9.'...1Pr&.a.P.KW.W~.H.....G"0....=.d.2....Ux.t.Ask`...O....y..>^.|(4......q.$........3..#@...0eD.m......i.^...q....P.wR..........1q.9.....a.|...P1h...2...<2.:.n=.m\.d.....l.A...oE..I&\..Cy..........gF..@..G.C).(....I>.4..........l....m..p..W_a..3;.\.5x.^oSh.... ~..=W.?.i..TA!_...CC...e......6*...G.....hA.....D..YB.M....}./....I.~..? ..N|. u|.&.....m.z...5....+....o.E.lPP..}.V?-?..h.;.HNN...Y..m.~.%......qu.@....@..K..._1..F.2.W. dA...;.hx..0..83|..]............$.P.......].....4....g.._S.ka'^./"..........+..k_T.r`.V.||4..K%.d....Ld....P`N.U...\E..n.I!....?..#..q%.u.9Q#...5.k.JD*....z3....|.1.p_..2.*.!.qK.q.l..#.....7....(.wp..`M.b..@......7[..2...}..q5cEm..;?.k-I.../.}.&9._..Z........q2y..vNq...i...+..V-.k.;.Q..z........4.g.....uV.2...d.T'].fVD.B...b]Yy....mb..4.c..$..OV....Y....Z@/*.#O.......7~...G...L.L...5...U.1e-...^.osi.rZ.....A....x@.4..-.......8..y.v.S=...1........7.xn6.....o..'....l}EG>w...{.=..
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIShPath.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):44981
                                        Entropy (8bit):7.995659781783188
                                        Encrypted:true
                                        SSDEEP:768:o3yPupy1XRrxuLexcIVBINS4o9fLa9L5D9RqLflSsFqzBSlStoauK3OpVNJaoa:iCuk2o9z2LTEUsqz8lvayVXaoa
                                        MD5:2DB9E93A0B7FEE552FFDE167655B0CD0
                                        SHA1:32249DAC7E1F0AAC2A5A67E56B0BE22984615B1F
                                        SHA-256:0421B5C9B981C2B3D6D2A3C20E93B24746FB47B81AFE55E245D241B0011619EE
                                        SHA-512:9729FBC8FE3EB387464D335E342AF3510D9BCFAD2E507CDF22087D3C530EDD03D309196ABD231FDF06A04262EC4311EE68CB5AACC6A5DDFFEA69EEC413343870
                                        Malicious:true
                                        Preview: zx.h.b38I)..x..Dd...8B.=..o..|..S!B...Q..........?.j...A.h...C.............lC...'kz.F.>.D.(q...p'...*).....;..3..."2....1..oE......N........L.r4...+B.....#.K......^._..s.../aG.^.6xC0.>....W....#;..!X..^...1T..[.C...R....p.)g....6.........8...@.q.....&$..R.........i... k..v......b......+.{.1.".........PR.4.r..j`'.......V.h.p=z...K.....f...G*_,.W.[.e`%p.Z..?{.n..6zt...Rg...R.Bw.?....../.XE.b.J.......$3..J.C..l.).......J..U.RU.|+...)i#.........u&.h..~...m...?.M.WW...k.By....^..cWK.............$..........XL9....uhb....1eV..s3B..nl.m.Vtt.,tW.~.z...........w. ...v...:*1`..a...?b.;..F....@.......,..T.Yg...y....E.....W..F6....H..j.{.K.g9.|..uy....c.~\....4|=..l..P.................k.7X+k!.o.<.@I.EhZ.I...n..a.B.+...B`-*......A2Q..&.......JvC.....5..`...Pho.p..V........p^s..T.....D.......?......^l...\.h._..c<.....'....(......*.X....K.J)>';.H....-........B......0].|a.l......,y[.P....^0.U."..A.U..z.K!.C..........-..m.n.e..HWh...?Q.$..I.K{Te
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIShellEx.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):43204
                                        Entropy (8bit):7.996492777884033
                                        Encrypted:true
                                        SSDEEP:768:2DKnOgADGG0puBTTqUDxclw8lgR4bFr2XDcYheSjZT9/xaTiuST5pXF5rMNyfKqF:2DeOgADG5puBHBclw8lgedGAYhDpxaeV
                                        MD5:029C73574B50B698B3740114D7856DF2
                                        SHA1:875C2EB70D0B4C2BBD9DB9E63EADA8F52C4EBE47
                                        SHA-256:DCEB52E3CDDB9A73180CC0B48A7B20B2C1E08AE5B03BEFF907E8AB3F426F341F
                                        SHA-512:2A7BAE0F945716AC1F56AD7BFABA5705922632F883E41348599EE586824610831F1C019C48EC92CC4BC41E7A5C3A0E776B9BCC67583786D74660145300375362
                                        Malicious:true
                                        Preview: oA.J.Q.eO.....z.....3g[...W....t.<98...7m...C+..C..P`....)...&.$0%...4.t.e&..EI(.k..*c......................S...>....X..Xt..".x. X.;.7.Iu..6.R.d....;.p..O..(...U$...... y L.v.^s.!..kG..g..V.FX.,i.i..s....Fcv..M3..WL.@u.n...F.....x#..'.+.p. ...3............P....k.m&..l..G...jn.~,..W...p...h.M...V.n.p<...`1.s..kB.!$l...m ..|.K%+k!.......@Y...N..ap7.BM}.xRr..X.N..S......}.hL.....@.x.8)..v....%..l.Z.......v......#.\i.............^.....u....#.{4N:...h`.......d..t..Ely...9.C.../.\..o............$..........E....LW..<....#.....n..4...G.~.t.....w..x..h.vHv.....~.$bQwh7....}..R..b.+.....N'..o......x.8..)8.w.....I...M'.A..=../Z/.E..a.B\..K_:|N.*y.2...*V>k.1...S.M{.~wA.`..}c....^.t.rY...o@z...p8P.>..;H.o..l'U...G...,5x.~...1d..Q..pA...S.....QN...5L...N...;.d#.........t[~........\A#p[.E....I....]..V.c|N.B.r.....s...!..-r...Y....U..QC...W#........l..w...s-....l$...*e6|.(.;C.T.0E.MW....H...!.S;..*BY.Y..i{6.VE...Un(...h..HC5.U9=.mK..FM....LdM.......Cz...
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPISys.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):78217
                                        Entropy (8bit):7.997672740591932
                                        Encrypted:true
                                        SSDEEP:1536:RenfCdwB3yhbjdf5HRKHeIraRkX7yoGEfKevXFc234n6:4aKChb3xKHjrCu/G8tc2V
                                        MD5:2D5E7B097E828122A389FD57BD211E38
                                        SHA1:C933DF980FDA22413AB258F0B2C4F2AA47FDE83A
                                        SHA-256:817CBC649C942195DA1989617DB3840F9D35BE8760DA23D311F74E7FFA7BDD56
                                        SHA-512:2DD5648082C6A9546935A66FC5CCD6A675890313AF3FC7DFD9108AAA807034C96A0FBB7DB08ABE7D2BBC348CC943862BB954AE21BDBB98DE52440305B99E9367
                                        Malicious:true
                                        Preview: ..H.......d..!:.:...MD.%...>.s..}+..`0..;..[.e}z2j[.*.C...)..G".B.%Y.5.7..ed....S..I=...WId8e............ZFg..p.]uc.. C8.".J..QTK......M%.$...#;/..\[<....m..|...M.~......d...lT..|...F....V..1..j.....(.g....x.._`...H>....Z.F.j .v.....o.G..`..Y3'.......j#?.".S..@..c.P..T.{..M...q.......t..z^...........V.m0.pPt..F#..%0.8.7e4...w.[.DC...5]O.?...5.]....=.EeR.yyO.Je.x..........A&..Z........W.....o.IN...cV.F.}.!.[.5.M.\.K=.9..x.S..ts.......^.).y\...#...~..~&.;.HQw....^.*gO.....@o.B..n............$.s/..........8.>..A.d..(.nwS..ID....}.........=(..9..'.jm.'.....kn.......#5..@....Nm.....f..V.G.N.4....r...z!..v.LC.(4........~.AaI.xl.......u.....2.e..@..C...../..(i.-..#...P.v.fr..t>..[....j..=...7v..k.Z.o..__...AL=..k......j.:.w..k.B.?..HI...t.FU ...].Ivs.....V(4......O=.g..!....t...;pk.]>.k..XS.._....M"L&>......T.........E..a.....D..9..$t.6.H+d%..sZ4f..).i.(..#.gfW..3p.^.'.A0.z.....!7f..c.....l^YN.....t..-....}...4Q.9!.w.o..T....q.....\..g..;e
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPISysInternals.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):28665
                                        Entropy (8bit):7.9949776586517824
                                        Encrypted:true
                                        SSDEEP:768:yoUcYT8mPJpS1+iaztMs+j4vGUTWed/OK:yoUcY/SAHGTQW6OK
                                        MD5:1B67A5E2FA6274C51CC4C8B0D8842A37
                                        SHA1:FD7D2379C85D74FE6B3A3BF9E884D989F758EB78
                                        SHA-256:6D96F34A73F284DB388701E07EF2A07A105402619D7A44E74C0B03ED5E5AD153
                                        SHA-512:EA5C576152DFE09B3B025786037ACC1D85EA4865F6C018EFDCB30C3D2578404148D30E0C5278B37C7B09C08B6A65A543DBDBE82092253FCC4ED6BD1C5B9EE1EC
                                        Malicious:true
                                        Preview: .vA*....d....,w...7f.g.}e...3.....&;..$....b.3Q.~2...M.D...u..v.......%z...-..:3._.$mSAI.DuQ...@.J%.*X{+..<.....4a....8.hi.`.K...e........z..{............3$|6...q.N.~..B...m...X8...]U`,..q.........n.VPG.E.i..3..\./.c..a.\.g5../..)...)v....F...-..zh...g.Rm..yr.c|eC.zY4.\.M...&f..;.W....c1"zK..Om.....<.#J./^.q......x...5.x.T....7.{#WJ`.........v../..Az.6....p..|[^4....>.2..].......D?.v.5A...J.9h..6..|.W...K-}.]|8....A..v..;.JI.?O.~d..U.../.#....l.,r.}..>E... .B?.+.4...9W<l.....*.n.Z.J............$..m...............*...)...).^...h........<!h..-..7.G.^...^...1.X.....(.......t.8.0F..3.....N...#..jw...2.E...............a...).!.........<].....4.';[..M...".....b.vP........w...4..@.r...C.DG.Z#/4.1.5CIS.)..".K..'>5.ap......$.d..p..z;.^.pv\(S.b..P....?.8.`.......I...u..?....$....+..U...:W...sNT....On...K."g...G@.......c.r..+.i.....V.j......F..G#.!N..EJ...m....aC...'\|..B....>.=.....1..s.nD..v../...C4..}U..e.k...P.RaQ'...d.../..?o..`.........f....>.
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPISysWin.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):58755
                                        Entropy (8bit):7.996513420297763
                                        Encrypted:true
                                        SSDEEP:1536:yD0YzAZXxxP0rlZbwvMDAYKd9Y/+xZwv7p0s1XASMwVs:yrz2rubRKDe+xaAes
                                        MD5:EAD3F49EE177A93FAA817FA20119E968
                                        SHA1:9E65B19D5E1AF2EB29559CB1BE62F025A56000C9
                                        SHA-256:CB45BFD92959B8736F34FECB2BE010BD4E602D71E822663197B514D8A7A7D310
                                        SHA-512:C8478A19FFF6053649ABDCD92AA200E43F46469CC2FDF4ADBAB831CC4E971BCD05AD8136DB9F142EA612745D9C110268EF7B17BC74649B926591599E74B790AC
                                        Malicious:true
                                        Preview: l.M\2#v..S9........8.h....5#<..Mt.w..4.~...,.1\...]})..g..._....G.C...u%1._OLi....(..S=Z....#.....)........rs+lI....{.4..%~.U..Ai1[.....U..;.D...w.d...'.-.Fh..T.J5.%.O=.../"V{h....P........."R.T..`....@'....}?.|..M.%.-...........pv.8.)a..@...c..P.. ..7.}D.lQ....!.LlS.....{..F.R9.^.....YU".s..~..W.....}7C..z......k.I.g5.KM.r.>v:..|.@yE.5...R.L._./+.............F...N....,}.K.Uh.R....."$...9..C.@K...(...V*.....W/..3..u.-m...@V.......i.^[.4C...:..5....RXg.m.#..x....1..wr\.+Y5..D)....K..r.2..`............$.m........|.v..../.o*.>....d......f..#.2.q'.I...u...^..d..V..._..cj+...Q...B.d:.hp...F...b...1....Qw.._....eW...&8|...bf.........p.0..}.W...Z..7...k.r..X.,..r/.B#;.|..f.HB..>.~`.C....WK.u@...~.%..T.u....."t*..B....../1..n<.wy..|...K(+'.~....z...O.\?...-....Y....}....Kj...c.Cx..wW`...h........N\.......:...3....@...,...v..z.p....'.T.X....T.tE....h.O..#"%.v....VE......(......)ys..1...........i..h.&%.p..^../.!...K..I.....H.$bw....T..Q.X....a..RI.H......8l
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPITheme.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):42039
                                        Entropy (8bit):7.995666198353852
                                        Encrypted:true
                                        SSDEEP:768:j50d7eQVP2rGakBaaqoL4um2m80xDxwUa96WcaguF6r1gpuZTojxOptn:N0d75EbkBanoL4uhYSUjaPju4xil
                                        MD5:701BE3337515985541AF755513286CC9
                                        SHA1:26379B054ADBB2A6073B187EA25A27509CB80E1F
                                        SHA-256:F1164299081E67FEBBC12AAC9C94327CF22867866E053C2C2546AAC62A60B134
                                        SHA-512:77CF1CEC994A748E593AC8A720E362B127B3483FCE9FE9BD69BB278DDF8FCAC97DF8A44F5307120F04798D99EA8C9E666501381638DE2ED01C98893B18E16295
                                        Malicious:true
                                        Preview: e....s..k}t.......x..+..f..5..If.@.....r.P4.w.9.3~.ZI.M.z._V.Bt.k6...H..|P...........d..9....m..s..in.z"@....iv...a..a...!.../7<.@.....~..lrB..<f.....Y..G.K.;...r@.5I._O.t.6.d...F.+..*..9.T5:.R..n.....,..xUx6w...a}U.R.`...@.b...(P.@...df...M<p3=tc.(......',..g........a...P6.['....{h...x.....O.k~V.......:.....?...t.(.9~..i@.^p. .zg.K...Q.tz/.\N....Z.S.....3n/.e..e......R...J.TYU....v.....X..j._....'Q.....l..Yo.L....u..M.........y......gn3'...%.#O...Oi..A....'.....T/.0.E.'.....8*v..wf.............$.!.........E...)@h..U.*O}...3.Y.h.KdA.:l...F.X..P}..wB.d\.+.2^....p\.K4. ...{.m.....Y.b..oa.EH.&...S-.c..[V3...?i./.....l..)(S..X/L%..f(q...&....;P$....,1.Z.....74sX{)PP.......'.0.5.J..2l...F......r.).(:md.FE.B"..n.r`yd.~...f.:V....j,./....@.|^;=..w.".....+....<\.......+.E..^...wMmj..e.UQ..`h.@.!..J/...5..u[....".?EcG.r..p\L...nS....XN.x.*.=..b.xp..i.RB.+..3..w7..+.......-.P.....hr\|.n.....z.4.yYJ.q"P.r.A.0........;i./../t6I.l.Yj2...l..^.YWs.**K.5U
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIlangConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):8851
                                        Entropy (8bit):7.980498329520277
                                        Encrypted:false
                                        SSDEEP:192:then5Mq5FzqZXkwGQ8IiAkVWjxF1IYNKTGGdZulKza4TZ4hF835:the2ye5GQSAkV2xnZobAsle25
                                        MD5:DF112CC916E46A6569EE2D528B4CD8E7
                                        SHA1:FF5D0FE054F4AD96F8546F88588201ABB7901029
                                        SHA-256:3AC3E2B69CAF032F06F1E0E807A0E9B0933AB3CD88937CCB442788CC97FC1E29
                                        SHA-512:F56DC767414C10C3D8E5FDB3F4A74700BBD57855D03588F9870472EC0871A46450EEB4CFF18823304746D2CCE2582B7081E280BB42D5988BF92D1399DCBB6E7C
                                        Malicious:false
                                        Preview: ..Ys0t..S..:.....p.M..|..s.O.^nC[.<A.Z..C.u.k...#..u.G..%.f.)L.{.M%.%.A.uv.LH..4..._...x...!..4...h/.......R...@.....v5.J$W.}~....`p....8.".m.....'xa'.....%^...>........h....L.;..X...O..x...a...W5..w.|..vJ..$..yF.<.xFtMP...\....J...Xr.....=.(l..9.{..k.....%.I.s.s..R...f..)..P....b-P..........i..n......J.2u>_.g.V........`./.6.....\6P..."Fc.w.[&.am4...&..[a...:J.1IQ..OI...t>7(g.5.=/)..mO3]...bf.Y.8...._........P..s.wB.%...].^...IL. u.VJ.nd.#rm..KB....|..&...x.HiU..;.1.=.,a}J.....QK.f............$.} ......(t..].C\}..Y...vy./.\m,."/...'...&.6.5_!'.b....c.p.XQC.....}.k.....VRc...Y..........T..$<YT.X?.....A.?.l+97s...BO....d.......H.o.3c".u(.Mz......]-O...(..dM.V.$...........wS"'..h.[.'....c3...g...{\........v# .^,o9..#.V8......@.0.CU..w ..<....1..........T...!...........fo.T..en;..v..VN%Q......58.q.N.F`.>../...!rw.6@.?.Y.7.Ix.D...{........r!....v%.e...a1J.o...S.<.....`.e...h]......@...3p.8i&...n..)..=lvz.E.....X..vB.0..E.*lM......RUN
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIsysinfoConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):9552
                                        Entropy (8bit):7.979261749641693
                                        Encrypted:false
                                        SSDEEP:192:VhhVU1oaiqRjnNQI6ML5miCWuTnxe4401xLSD1J//wbE0FDKpkFiv:v64Cjnz6ML5v6p403LA1x43FDKpk6
                                        MD5:305586ACA58585014F8C8D229173EF35
                                        SHA1:BA86227B9840A71D9E6F6D84FEBEBCFC74ABD504
                                        SHA-256:CD968EFB43E7176C3246A5C729178793D20EAB42BEBD88509118063D497FC920
                                        SHA-512:4F61627A01CEB4DDF695109CCBC14715057A2FFD4DC281C70DC6ABECD9AD361D665538A2FC1D6854A323BA6DC4FD231DBA26A1324F587915AF4E31A44EF7CCF4
                                        Malicious:false
                                        Preview: .%f.Q.o$o...v..}Cb..U..".{tJ....$...\.<4y..=.|.*A..X.EN.f.g........c.(w....].....4.-dW...=f.0...![.\..@.7......j,.O........o..J.*..3...r...+....E|.J8[z....8.u.{...'..G....U...%.b..tO....-.&rw.....?]..}...SY.d.R...)....B.C....Ij.Y(.x....{[\..?..A_;.a.pm...".0aI...kE.]D...$.z.....D..&M....o.{$...B&..F"......s....6(..]&.....Q_dO..j..=...?.....E).8./.Z.......3[.MP....[.....wu.-.7.(........#.l.\-.}bF.P!..3j...)..H....Ekj...s.22.....3.....u{..]3z.z.].n..n...4T.:..u..e..1}..q...a...|............$.:#........./M.t..$........>~.......$..wL.#F.^..;....%...d .lx.#.W..|E....;'........S.{f6%.B...)....t..ix..5?/5C......`.y..:3.. ..[..6.M.|.+^..o.6)+2.@m}oy...(....q.Z/%[...,f....|.&..].b...>~..h.7.|...p.....I.K.O..48.p.s.u.U..:.!..x...y..W......0.1/TzFk.Qy.x)b..~)....m..~.5b.$..'...x..H...[6.....-...O.XYf.>.h........t...b.W..h..nN...N..c...T:c...sACp...*Tc..A.f..C.K>}]q..fa.T.......U..K.....S...<.w.X<.|.I.'...D>..|..Qs.!H&.6.s..X.....,......<.F...
                                        C:\Program Files (x86)\AutoIt3\Include\WinAPIvkeysConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):6793
                                        Entropy (8bit):7.9718763313718
                                        Encrypted:false
                                        SSDEEP:96:mS3r96ITyVoft/G9GFL8JYDsGopqZMItDHWclCrjLUsussfxJ5TXQxF:mdM/wGFIJ8opqztv0/NsXpXWF
                                        MD5:366A807EAA97F391629857FCB6CAB6A5
                                        SHA1:2A23497CA8193D045D57041188706C1CE8D622DB
                                        SHA-256:F69AD0245A28080BF6862A76E9DE11257BC7E871D45F23A800B3F5D5F23F0D50
                                        SHA-512:97787A7933CC2B90177369D8A676284ADB7CAB83E9963AE07639FD3F8F437C7A9DE2E9CC1A5F93B17A23B4C28D1380421DD093438EAAFCEB5342F32E8F13477B
                                        Malicious:false
                                        Preview: .o7.....}....C..b.....G.....,a...p.)...V.b.Jw........V.Y.H..]+.vv..(\.....@.G.......R....%..K.QF.....FT:..gZ.z...r...'.>.H.g...y,......?.n...lQ..Q.... .S..v.......#g..~....`3..T.1....?........9.Q>.....?....?.#..g.>.U....?...qsN...o..r.....}..w. .Z..w3./.J<...&R.r5Y"..F..>...ri..ic...Pd.[..\{....._.....cm..)^....a.p.s..{.H...%;.$.`C.]E..G.{.BF......N....U.2..Eh..0+.~.">4~.hw~./)..j.Jn...$..T|.y...jl..;.H-....*..._1]4g..[..+....5.E|.. ...|....~>.....1.6...L.F..4#9...C:.5`...@............$.s.......<....Oy.h%..o.Ct..w`.^t......G54.w<.w]`:x..J`..X.UB....%...E..w.,..........~.v...$...x..|(....t....h..s....m..?..T.D...+=N.s......LP^|7.kI\.....C.g.2.....l..&x4.s....}].......@.J.=...}..mg......_...D...X..*.j.J.......D.{..an..@f..9U.../.J.&.....p.l....O..Z.......Q....o.n...../.x....A...Iv:....m.s...2t..{.....\F....i|.nQ..(P...o$.wE.ws.!}$...>..l....E.Z=.A5,....4{ o...v....1.?l..?:e....9.....A.z.H\.<KK>.2.j..S..n.h....3.F......8O:.`H.:0
                                        C:\Program Files (x86)\AutoIt3\Include\WinNet.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):46774
                                        Entropy (8bit):7.995713010765483
                                        Encrypted:true
                                        SSDEEP:768:e+oc22wyd5ozGwNMY9iSS7Fm+fwjUrRxpARbELX4dub46ewM3sc7f2x3wAlGhza2:eXcyQoLmSJ+fwwrrpAR477lM3se2xAAI
                                        MD5:F3C8C7648BC717BBE1B79FACE0D22A2F
                                        SHA1:0127748A860E6DCF70B631B96222F3035A882102
                                        SHA-256:43D78D7DF995ED9356DB2CD08053865C6D5D33DD2684E5E74D2FD16E31F6C4F3
                                        SHA-512:9EAE96406BA39F79CB43475B9BA215C782FF6247BEAD0EF51D6FAAA9B4B461FB10E639ED27EA441D582E8DB7785B2E0904A1902239131AF721169BF301D87BDF
                                        Malicious:true
                                        Preview: .....S5...Aa.I...".5.qtl..mA.......1M]..9c..vy.v..d.......=..w.E........1.v..G...X.U....ff..@L...5.>..VS*@U..d...G+0.I.c...%6.d.]..5n...<((D7...n:x..0.....w..${.2..q........!.1...F.S...o....:.Yob..2h.?....p..7'...P.\.../..{....nm}3......S...=!-Y.r2-....'.ao...i@d.%..p.P%...g...Mbt^7...W.U........e.'$..D.\........2>...^.O.81p..N..~....?.VqY-.....m.....Cq.Y......E2..|.y.$z......`.&.l..Td..gZ....n..i.P6....'lx.`.7..@-1..,.<0h"..Zh.....:...n8...3.Qn.....O..e...%...6qQ} ..jk.y.m....g|............$...............I'..?....f..V....h..m~..........*$0.3S....0..F.... G.Fbo.d..Z..x`.),?.f.....c.].{...6.J.g..g..2...E...,..h.f} .W.q..4. =.Q....Y...W.xv...z..D...T6...}..J.......N.;#..g.....4C..\J.._.P.p\&......u.8A..L.D./.../.....[..zZ....fJ..mZ.j.....1.eZU......C.T.U..F....Jw.....nY..........*..W.?.T..F?.R{..&...>9{....#.XH.%y.<4.....V........i..Cq...z*C...ny{.]n...m./^...5...H(9...).....C.".ry,6.tmb...q.........R.....P...gJ...o.)R..=..w../zr.......l.
                                        C:\Program Files (x86)\AutoIt3\Include\WindowsConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):33944
                                        Entropy (8bit):7.994021892854999
                                        Encrypted:true
                                        SSDEEP:768:bGuf87gNmy/KtA5G4Hn9whFNtHNu3pjqmlkBmHWgXQC6:aCNmyKU1H0NtHNu3pmmiB/gXo
                                        MD5:2C39E81573E8A994F6C879452A939362
                                        SHA1:5E8931374992E3A10A38E95C3DDAA00EF7A60DC4
                                        SHA-256:748241166460F5C5ADF9C02E8E6C6A18FE7891D3F11AF96CEED0CA8B9C5662D6
                                        SHA-512:FD21EF9694FB5173D208C4EDBEEB69E15BD38CBE647379508061F0E0FEFB79B57303CE055B043FEE264DE03A5C56FB850A6483257A3278FA8A56004D879B42BA
                                        Malicious:true
                                        Preview: Cv......*...........pM.d:....hN.~.&.......Y...6.\._....D~lna.....0nu....<y1^..s_..TB.j..a..x.A...@.2...W.0.h............HsQ..{.N......$>.......K"..IpC.@...+.U..T|....9/G...../.B~.0.A...B.......*..a.%.uI..&.q......j..#.c.woAs..x"....=.b....?u....OI..7y.*...gxc..)-...?..,.........z.......9.P".V....w9.=.U..WP*......s..O*..[.i#-$GZ&| K...j.i1.B....wZ*3.7....Z.z...ah.;^O!....m .=8>-...P....+.. .X{.>....j.G.-......,.Z.KZ..)o.E0LPQ.".Y..Nh.].\8{.......'...hXGm....F}@i..G..)t...h...9d..z.5............$..........n.....S"U......._%...yn..-.................R`.,...6..k$...f.q.mk"..g.:1..I..3..x/.3M.v..d.>......l.B.r..&..y..8...p.:o.a....m8e......G.W..[..4$.....[.%..Vy.u..(.6.G..8Bj..........BK..#O.x.....o&.p.3'.l.....3s.(;.j ...<.Q..'.......Yr..,.1].+..q!..5.{........Q...F...........,.(....E..5BZ.......Zk0l*:.\..N";....k9..P)...F........i...>!......./...+v+..bU..'U.?.A..JN.M.f...Z...&.*x..wqf4.........e....2/..]..s.......W...h..2 .p....c..&!.r`&..
                                        C:\Program Files (x86)\AutoIt3\Include\Word.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):33455
                                        Entropy (8bit):7.994646175122412
                                        Encrypted:true
                                        SSDEEP:768:9cqURl+PNToJ8MXwz38HLRUei/JAhkr3BGTX:q7l+tcwz38eeY+hkr3kX
                                        MD5:B94DC29090C133EB6835D9947CC9DC6A
                                        SHA1:7B73F64216BD868739E048E694ADBC43DDE16F76
                                        SHA-256:5CD8DA069F23EAEB6287006B20FAB3B56BBB1268C86B331A31B52E8F125278CF
                                        SHA-512:89BD6A2508F33076F367E24BAF0A110552B7207FDADCFAC8EB24BC626707E325970A188A33E99D099272F0FC7235EDC40864BB06C5926F1F0229928D4441573A
                                        Malicious:true
                                        Preview: .\G..O...L.x[....42\-..D..2<e.....!Q.L!:.X......e.....j.)H......Z.d\..u9..[.1..1....5,.0Q..$.f.%.=<.....%............m.S.z]....C.U.q.._"....6...>O&..:........DA...@.w.5...:%...u5.8.M...K>....}....xc.9.;m....M....r</..P.g...?.sU.....y...1...8..f.Z..F.....Q..Q.9w!Q.)N..!#..|...}....3 ..B}...ja..k....".1...20.......N..;w..V........../[...?.' '..gR..[.Wh.r..W....b..9.. 6w.O...J.m....\.I35..c".. l...q...w......uMO.....R;A.....F.1......;..9hp.......z..l}..^%,..q..m.....Q.......l...-.;..h..............$..........&(m..a.j.LQ.. ..5...s.....q..vk........>..X..|Y.O.V..........@.!.8..+.."?..).B..]nVg.....D..zN...,.......(.G@.A.W..c.2......c.Q+...]..*.d......l5xK:aw.?F.NF..........5;/.1'#.*y.8.....C...g..,o*L,S..d.i,*.......h.h)..fK...?U:..1.....Q..Z.U.4P..9....sRn.!.r,....,D..pGdc2&..!...S..)......W..)[_...o.w...C.yU.L...o..k...,..XIrLs.H....*.X.....P......`e\......1.f...?..[....A...~<...Jz.....N.H.p....E....O...d.i.f.........V.>.u#.f~..uU.s.
                                        C:\Program Files (x86)\AutoIt3\Include\WordConstants.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):12202
                                        Entropy (8bit):7.984194966970835
                                        Encrypted:false
                                        SSDEEP:192:BoJaljWpNakDOaMV2C+Y/9YJpIR27bZhLoUWpondqvf3YgBkIn9/KFabV2/37Gs3:BoJagNvMV2CNYJH7dhEUJUoOkIn9/qaW
                                        MD5:EC8E18D7CAA90412508754F0AE0CC516
                                        SHA1:7CA098DBCB876767DE94B60F2A9BDFE83AEE8255
                                        SHA-256:FE4E0362E4F29A4904FC850328B4820699EBBFF8EA63B0079E0B3CD801923B14
                                        SHA-512:F5853A4E6E68B5D2B120CA17666E24227A1C1E3A2116EA66C8340438D601228CD07BD98DB633BCECF022778895FCBF7E2EBABFDE5BD0218F08308EE87A540750
                                        Malicious:false
                                        Preview: &.[g.iC...}{..9+....6.h.......Y(......Z..&.oh6v.X.bB$...y....u....M#......7.........K..=?`......4R..i../.l...Y....{Q<......K......u.26.t5 D.....B. _.?.M.\.uJ&..;_.. @.?...5u...W.(!..>...}.....E......-...U.\..$......}`.....W....*.60@@T.)b..ls.mIa.`..x....u..2..5*y~.U..0....U..q(.6..R.....q...G.g.z.......o..Cx.B1...I.h."..Ok'.z......bsP..F/cqP0.pv..3..BR...4xg..J.j.:+T.......aL..B..Tw.M(Z....u.....x.z.b.B....Z..A.M...U*Yz..Xe......j....Nm#b......4ft...k......g$j..!oD...i.8.;J....~....vU............$..-..............T)...o...].3.4....N9....q...#|x.8...G.2....g..V..d.j{...j.=.U..%......g.=(.o....f,aY.....:.'..>.s.j...c<Ov....G..P.S..o8w..4.....k.gRZ.Vv....6J..i..CaF\^..=g.n...[.a7.H.uqn..o....UT..C ..c.]..0...I.'..d....~T...<...Z...G.m$%q..~.t..........LV.......$.+I [...(n.U.<....j=.Q.y..s.].:..&..^..g..Q.......T.......,.K..U.MA.{..Z.^.i....On....5...}.....V.n0g(D.\.E.-.G..=/..A.I. S....hGy^XYiE\.W.#].K.X.~.W.CV.[....TCxc/#....0../..m.. .t..!..0{
                                        C:\Program Files (x86)\AutoIt3\Include\_ReadMe_.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):748
                                        Entropy (8bit):7.733600433439938
                                        Encrypted:false
                                        SSDEEP:12:DZkVqpUX/nrR96IrtVXsQzrf6ufSWvvqzHIsMlD70h69z7EoDS9d:FqNFsQXfEA0HRY79zlDS9d
                                        MD5:21553FA888BFB770C104AC021DA151A6
                                        SHA1:85E4507CE5258F33AF737939ABE9C47E8E445012
                                        SHA-256:E2584994F20F40969F28C9DCDEC986BF752566507B61AA9B928BC8CD9CE84D3B
                                        SHA-512:6D95BA4DA3531665190FB18DAD438937B56FCD8F2112799F11E04E13A196C6A23FAFDB344FAE9BCBA081C3421AA9FF2307793B8D5AC2978CEB06710CC5AEF327
                                        Malicious:false
                                        Preview: Zg.z....<Rgh.......Izld...2.|.`?..]..X....<.jb.&.t..#..;./J..[..5E@..G..r......9..K.LL....Ii.6S9."...)..I{..rL.^...P.3..n.)...c...K....&..Cg..a.......|=..q.y..+.Qm\.GY.*.....Q.V!NV"_....f..:...7.C9..|M.L...O.Op.E.P.....~$.oV.4Y............F8.@&s..+N....c@..6m...T}E..A..,..r.^.]..a$....6P...8W.(.KXPc.v%.[?./'....9."..Q~....7.e..B..q.MhZ.j.u{D.N..8`,...SL......0z.K..3..Y}...9D...2...)}...x.FY...U....1.H....'6....{j.~ _.<.p ...)..rZ..{.....\a.1.R....Z...k...ysw..g.......1...3.9._............$.........sBxg6.{W.[.*:r.....)....q.....W)w..~.....).-..8^.......]u...U\.7.g...c.t..|...p.f..^.K...5.vV....^...b<RsrB[.o......(>...N.8..J.7$..X.@9/..6Xw....]..e.E..&......]5.S..4....p&M......bs.d.........&rb.....
                                        C:\Program Files (x86)\AutoIt3\Include\analysistimer.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3085
                                        Entropy (8bit):7.933614744632144
                                        Encrypted:false
                                        SSDEEP:96:tn98YwuYCnFoOAiX4BzzN/cXrb6UCN+0X98rPE7:tiYwrOAm4rhU++M98o7
                                        MD5:E1B27F2CC4774A961FE6DB9DB764FA6C
                                        SHA1:A84ED5DF44569D2801DE18B6B1545BB0D5D049DA
                                        SHA-256:93A2F8AE0D3E6B9031E91BC0B33BCBCD8310A4DC12A89FB2600F96BCEAA38926
                                        SHA-512:F1EC1105CF51E97540556A410E878223CB5D2C758740250BC9EFC3CEE98F0115BE99487AAEECD398546CB57E0C453F6276CC8C5E1C66C93FFF4D4EF0BB3756C8
                                        Malicious:false
                                        Preview: .......e..s..x..g].#m.......}...l...7t...I.D.V..9.%.{M.k.I.:.c.H.39...I.Y$...q....;...y\..x...Z..D.Pb..q@.(.K-.&....:.l.o.-Yx..j...;...|U/..|GM.k.Q1..`.-s.5..wrI..}.v..16.s.w~.?.l...G.../q.z....n..;..;/un..%........u.%.N...{b3..`]....9.!...j.>....#..UA.k6......|Q...#..(,..vEy4.b.....*4b......q&...6.F.r.gdv..%...C..B.OOI).P..........Jn..8.:..p.....U..9........G..E.C*HnQ..\....x.,..1..V...i...f.'.....Q+..%.U...Py....K:...1Vtk...C...g.H.)....Y)0d....T.8...6f.....9..ow...&...."H..X"q..............$.........../...^...#.i.M.UA.R6...5.E..B...w..N.7.p.{./.Q..M.[~..PxF....#O...ia.....%.'..`w...3....O.....pk.o.\f.......!......).....Q..A....0.^.5,.S.w ..c.M= .......R.p....d.-hY..(..0.3....g.Y..t7IG../...6.gg.,....lD_.mxp..3..|.y...c.B..l.......~X.Hp.....mV.e.3.T8.?.....>ub......st.t.k%..sF......Bu%...H*........".v..{..S(.......LSptbg.........T.^..~.!...cq.'.$.>W.:....,..%.GU....o.......H...M{;t...N...A.E.-....*....14..Y.uT.5[[.'.....;.!..A&V.C.b..
                                        C:\Program Files (x86)\AutoIt3\Include\cleanup.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1880
                                        Entropy (8bit):7.906946846844016
                                        Encrypted:false
                                        SSDEEP:48:4NcuvSBPbLptYOzD2zeomjQozXSwyjd50sgEK5Kke:4NcISlb3R2aVb+wGeMK0ke
                                        MD5:DE3EFD0684A766C8535665431776778D
                                        SHA1:3A084849A864BB044FC1CE88171E01CACB23E814
                                        SHA-256:5115200FD08810F13EE4AEEDD008CD76297A35746EF882EDE2BD07EB09C06108
                                        SHA-512:3C832E7987007E48EEE7605EAB981A57187AE61410ABA22A0BB427C2D1931B5849C34C2A3542FBC42FF8122ABBFFA6BC56B7C20A7522225B3C2A87D20F484271
                                        Malicious:false
                                        Preview: .r......5.."...{.^a..../2.)h.<Q.]nR_..|_2.KU...k.up.J._..~..V6..3}.$...f..f.~.)9...........P.(!...K.h..TA6..m'..G..!..8q..].Q>..\}sIf,....}..T.....Sw.. .@...zI..!.....H...-..r..L]..z.....Q...=.0,.r.A.a.2..@...z.@..l..>....<.s.giA.H..9....KD.H.~...f.....l..#..v.f.wq..adX.oo/.H..~FY..I.Y..%..P.m.<P..#SA.7..\.3..SN ,.~...>b.B.op..'8...04.q.U8.^.o.v.3..s.,S..r....kQv.irX.....%.5..>.`BO..1..l....;hp!{.<..Z....F....G.'..j...ed.*... 4....N.K1..3.&.?(.a.9.8.[1. g/...Ha...4E=../:O.*H.Z\...k............$.B..........U.-.....;..c........p.k'...h....(\e.Q,z..x.?.+|I...j..F...u..".q.....~.vU.vI.$....-.z.,......n.$.Qv.v1.x..}...P..d....d...$...p.4..].).n|}n.C}y....T.l..o(....>..7.........&.m_.f.G.L.m~...k@.%.'.%....w.z./.o...n.K..O.$E:9.P..........>(....t....0\..n{j.07..$>"...j$M.N.RS-...V7...i.M.+.......8..*..f..*r#.I.c6...hy6y..NJ;.R......"W.{?U....3.O.*..fQ......GaB....<.l...>....M..!..0W.Mb.......y....d(...r.J.............f.zt...A........y
                                        C:\Program Files (x86)\AutoIt3\Include\helper.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):20690
                                        Entropy (8bit):7.990919582653334
                                        Encrypted:true
                                        SSDEEP:384:ISDZa4E6Te+NPhExM70GMpGbk/X3jJb61vzDja90bZZCg1FwlRgpNO9kdw4gAD:3VEseePoO0JL+D+uVjFwlONO9kKQ
                                        MD5:03E68A98E33D4D231289BC18DB8F361E
                                        SHA1:47800ECE3C907E7085A160D9AE2674BDE917F2FB
                                        SHA-256:E2D58D98CC26E1F4EBEA85ADC24FEBF48BE6D74056779E2FBCEB24AC1C17A242
                                        SHA-512:AEBBD19DEC7E87AEFF48C24000186BBEFA09EEA0AF2CCDC3B6CB48F1DAEB4F08152EBD5AD967AF045997F6CF8D3CA84592C56333E630B77C9B0BD8A53C6DC71B
                                        Malicious:true
                                        Preview: {...z.?pZ.I...8_W*....d.}E../z.#G..x]...........n.u+.-1........^.o*..8..6....mf...3. .d....u.A5A.y...Q.#q!..X....:......_'g|mQ.....~94[H....e..o..O.(.......c.)..2..e..{(JUJ...Y..[..9.\..!H4..@Lvu..0.q+..a...#.w..F9....[..2.5).v...q..X-...c9.A6...7&%..9OH...4....eS.K.q...qg..&...}a..+%0h.R.V...l./......@...J.N..K....35ce.............+...=6Xt.N..\..$!?nK.S..A|...>..o.....B.F...t.......g..f..Vp.`!...P)dTgP......p_fM...#..5...r.Y....!H{..RM..h4.....h.Q2U..\H..d..<l....d...l<"W.."...4.:1............$..N.......<.0.7.@.2...A...=n...T.).c...t....{..\..C4.+m:M7:.5....`....?w...4...Q.y.M.w2B.5q......KN=....#.p.3..L.mJ.vx.J.I.Q.+&w..f......$7.j.B..F[.8..zxf.O.':.~.N.d2u.{Jy9j...rb....F.t.v.P.C...#..B....r......%=Ids..qp..GI......o.._........m.Y.`d...J..q.c.*O.%.a .t^.S.*..+..2a:... ?f.pj.z.5.8,...+.c.</.....I..B&..#+...2(eG.Z...e..&.x7......w.P......-D..:4.B.6U.'.RW....-.b.V......d...wZ....oj.....i.y.&2M...G.s......{.-2.G..;...xz.......1..Y...*.
                                        C:\Program Files (x86)\AutoIt3\Include\htmlfetcher.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5726
                                        Entropy (8bit):7.965488080696261
                                        Encrypted:false
                                        SSDEEP:96:hes6TkO6vTzqt4l46ItMYeFT3LIZAZIud6IfPlbU9ftni0DbwBpJBuv/:RT2kT3LICZICfG9tniN5m/
                                        MD5:A6E2E886A03C2D629A4B62C14B2E9300
                                        SHA1:67E7EFFBA3DFA7E240E31824F84CBA39F3948F74
                                        SHA-256:69B57B9D033E08AFDAED2272FFB889FD6B52751758B94F9FEB2FD02292B41C19
                                        SHA-512:C7B8C0DF2994092978E1D020F15D447525461C34A434CF032E41AF81DD59BE14A849393065077FAF31BA877C8E7FCCE16E92E302312036E41B517B4084CE0E30
                                        Malicious:false
                                        Preview: ...9.P..T@.J.m......c...f..{#.>..O.l..8..]-....7e..YF...#cd..n..g..F.mG..I..3.....dI.F~H.P..#...5...ie..3Fw..R........lg....,.U(AbV..O...#.aW.Ww......d*....J....+..:.[..X.......M.+...t..G:g#....{x.....w.qa....[...\^....7.........+-...i.....<..k...>|.a..Nt.] .P.wIjD.q.....[B!$D@...ue...T.O....^..A..L..Y..kh[V...w.T..~.R..i$...>.C.B.6..i.v.;6..R.../?.j.V.n..B2Q...&...L..]B.H.#AIv..zs....0%.......4.GOQs.*."..:..'x4....~M.[t..Q....QF.,_M.O~d.r.......Y.&...v....@..I...b'.B..\..l...M.N..1%t................$.H..........^%.p.F...N.p+..i.k..&........Z...}..4.H....=.i{.@.\^.-....Er~...^..EC#ns...|......*.....W...pj..*...<J..t&..c.*o...x....%.V.IB...U.B.eu.u|f.&..;*.z...L...................=...-..Q...0..iN^.4.tu....nQ5...:0o'.4.......6.T0GWa$......Sj.<.|....#..Q:.x.Fn.u.....3.72@W.u.M.r.,....=.8....AQ<0..o..)Q.a."%.......\A.u?......_.n./....h.> M=[.*.mkb.....z.3.x.P= .......A.J.'._z..$..|..!b.....BN.*.Zp.?.I.{.KP.....O.^.g ......Ng0.U.9.E}....q..>V.V......d.
                                        C:\Program Files (x86)\AutoIt3\Include\htmlfetcherchrome.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):12072
                                        Entropy (8bit):7.982614389894898
                                        Encrypted:false
                                        SSDEEP:192:GUbBXkoqXFBQQ7IpypXWECoheZeJvgeOCndqnrKSJYfr3RdjFjMEsw3l0RSM0nOI:GwXkowfQQcwFWECpZOgFCns2LrJICV0g
                                        MD5:12B098159DA8420807B7FEE689907FB4
                                        SHA1:B6C0E27B7449B98E6BE6E2E630C538CA43F703A1
                                        SHA-256:5EE556F9E325A6DB9C8A6BD6E662A2099AA1E5B399471B58A3AFD444490B8F86
                                        SHA-512:8D030A7A4B06DD03478DBB9984535FEFD10AD56C3487EDC9E4D0D34AC6F6841BCA82692B584C756F84BD3040A5D8560C429EA6EB2FC0AEA19C5DB4FE707B0194
                                        Malicious:false
                                        Preview: kH.....E$...J.....SW.......I.@...)C.o.R2/........Io../G. .0.....]v..&R....r..]......*.<:....v.i.9!...+.%..ww.. 9^.y"....:A.M.f......."r:....p..j.I.b....v<p......a.f.:....&.9a.T..0..|T.)[y.fNH....#.HVw5.'z..c.).../....U.A......|.P8de@.u.........s.b.B.[..BHf{.q...M......j.Z...eO.o.C.....o.E(>..7q.%..e..@A.1.i.d.4..i.fv.T;.n._......T..6MOV.@....i`w..s....y..r..14'D!.w.E.........h.fry..Z.....N..`m.|./....U..d{.[#A+=..-'.L...*L.d1&...F.o.E..4...A....Y...r"..cF.....4.....k[B...V..>..*,............$..-........z...@..On...<K.aVP.m..8.#....9......3.\......;.....B.$7........u9m.>...TD.._a..$._e*Smkv3j].2HW.WtZ..2...i.Z..*S.E.].Iz.....]..7.D..3...!...AmK....&..0@.2....=..vy..]FRO..F1....5(E.|.E.....J.2.......b/.....R~.J......0@...3q.@....-.....p.f.+...cu.FF.g..u6..\...+...]Dd%..&..e*.._...w..W...e...cs..T8..g..E.@..}N......MC.....5g.mfCt.e.I....Z.7.......{c.|.%.............+\e+;... ej.$@9.v.cPURT.v.n....Y.Y..vlQN...N.9.E.4\..Ac..)...CC...v..z.y
                                        C:\Program Files (x86)\AutoIt3\Include\ie.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):154079
                                        Entropy (8bit):7.998898509638391
                                        Encrypted:true
                                        SSDEEP:3072:lFj3dbZ/rRmwOYZczaezPiZUCb+GV9JtlHXqaRI4aZ4:lFTyXHGV9Jtl3qKVaS
                                        MD5:CB36AE054708ECD159453E24C8E986FD
                                        SHA1:52D725BCB278D6400C4AEE0749A5B7087563DDEC
                                        SHA-256:F647662B7CD67D8A2B8F2647A26745198A3B2176C7C6A9306B966E2334608814
                                        SHA-512:5BFA5236347E1D7849C70FCDB29380BCB8A826596E98316399B227CC981291776C650D277DD9CFB2B2D4E48B1DE5B1EE7B6D12905DFC195F6BE6F81DF24BAC5E
                                        Malicious:true
                                        Preview: .v.<....Fm..Y..]V x0...nO..0...F..Z......}.......[....O...oy.7B/LA.HBO.8..(...5..'KiOA>....r..f.R.|.Ko.c..J..%3...1.6.....D.s.0W.$^c......~..,..{1G..xs.U..6.~.5[c.-.*J..q../ .Y......)....HiF.NM..?..t.p)O.....].I...c..*%.j..C.DP......t...8e..Y=-Dv..0.....,[a..f.~...P-.*+...)6&..5...MN..*...A.......^.l .*6.J...FG..._L"...Tn.e~*....N.....g.}.)2.......=....=.!o...ON.;Jr....Z!{...."...G>~&.k...5o....s.k4.R*...,...c..2..s..........`....... ..(.t.Rt.L.y0iC...5....s.BN]..1".T...x...0............$..W......++.26jL......|..J...y...{q......E.4.......(a..0..O......|..D.Ii.fT.?.6.#..k .{SA....._......$.D(..?....s......u...*..j&k..}.-..<......P2...[..g]......*...g.o0M...<1........-C...R....Pd.E.p.W..rw.|3\.b..R....r+.mZz2....F8...U....W....x&...{j}..q..\...>...O.Z"..?.y...6_..N....d.C.U..wQ|....,O........!$..j;.o...v0.!...- ..N.QR(b_...B%=...y..D....Y.M.^..........A.-y1.e.n/.m...*..4.=.{...4...!..m......D.X.7AA..}hU.....*..Y...U.]..X.$s@.%
                                        C:\Program Files (x86)\AutoIt3\Include\liveprocess.au3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3182
                                        Entropy (8bit):7.931566656570347
                                        Encrypted:false
                                        SSDEEP:96:TRSv2c3uyMTTgVKw9ZUH3/8H/uOye0tFyKrvEBL:TRSe/TYdZUXEfuOyr3yy8BL
                                        MD5:EE98357C29563FFE98477FA28572BF8E
                                        SHA1:54A8769969CEFB6C5C87063AE13D9C4C8706EC65
                                        SHA-256:972A67D41855571A18BC404726423C0A3A4623FCC8077AB42624EB849776EC1A
                                        SHA-512:773645BE97664B8898F810D3D3A465B457496B91B1AFFB38CB72955B1274BACDC3367AA85CA1D50000E3F7A20F6ED7D9598BC0BEB313CF1C9CEE4E12300F4B8C
                                        Malicious:false
                                        Preview: ...d*..)w}_......<...Y.h.y?..]....Y..oV_.Ve=.(dR..)...&}..g...U.C...."..~lj...h.Y.e....|..g....M.i...XAD.....B..../<"[..Uoo.rx....5.".F.X.`...Pm]"H;..p...p.........j..._k..G..-.K7.f...g>RH..T....`..v.?..u..r..{............6_...+...I........>.....G...PK.R,....n.^uw.f..[..vo%.2...uE.....vv.b@.<...Jn*.4..........'?~.$...._.;......3..0.$.x.p....M...v..vB.1M.8/..1...f.....}..jK..Av......!<6..UC.....T......Sl.q.SP......5...-.x&.r.=A.q..3N..?g......F.1...H.*....3*3..]..l...p....j....q"....l............$.X........8...V..%P.......A..o.O0..D..NP...]b..t.@g}..&.....W.+z..B.H...._u_....Ew.<V....c...m&..,........5Aum..P..,|.|a.$.<'B.Mn. .......B[.....X....~..~"...#.!+].E)...].c..O..m.|....{..{..F.......W)..8...Y.......ms.B3.5.$....X....-p.........e....<.#.j.o...&..(`.]..bm..v.P.A.7...$v2.kq..5..@b.x)..:...Z(./..G.K..`...-.TO..s.D..N".C.nn..rB...]-...L-...T....o..!Z..#.Z...N..............W....$....n.6.D.$.o.KW...h.x..._.!.*^...E.w...*..j..jZ..N.k..[.^..
                                        C:\Program Files (x86)\AutoIt3\Include\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\AutoIt3\SciTE\au3.keywords.properties
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):91845
                                        Entropy (8bit):7.997833356217155
                                        Encrypted:true
                                        SSDEEP:1536:ABQBna7HEpJiWDFMsTp27qn9MjAdN+fbm6ScbQ4tq9gr5qXIo9v/+MA3y+qG4:jBna7y4Wzp27maakfbhScbQc9FqXIoZJ
                                        MD5:48203CECB3BC2033C66A23BF53AE7D9D
                                        SHA1:CA903A5D6C5D0C87FF5C29CC180A551D4584232B
                                        SHA-256:AD3A1569074AD8025E8EDEE16C1CBC4C412FB304D645A135315591E74195AEDE
                                        SHA-512:45798921FB20D9CEE2A556C124753D277CA2D8037976C4A70B1DA592DCA5DE43479828339EA5B5AE9DFA382D36377ECB509A7EF49D9476B24DA7FE30520E3249
                                        Malicious:true
                                        Preview: .j.j=....lW...f.3Y....@. ....Sw..w_{W;.-o..=`..-mp.D.}sP..lw.y.U:....Tm.Z.3.....K..f..^......n.+G%.Y".J]..R.cg.c...j.U.$H.....j..+Z......Q.a.5e.1....X...=.o....}%~$..#.D..5V..k<..+...^..o.N..D:.b.q........].W.e.$i......H.| .....eV....T?{O.....=^LDm.%..(.$..;|....S.'=.-.s.N......./.FZ.).jbk..R..B.9.3....X:......iV.....p.,..y...}<.......).>.2.F\.W.n.F^.tF$R.]..+......i.......iZq.8..>YZsm.Yog.w.....q......9S...)...=..p..3..I.9..^T.Y.f.Pt....MI...........x..Q=..L.......!.2_dM1..E...............$..d......._..M.y.1$...{.......`.R....1.........>.#%s...`.D]../.......b......t....?)..z=H.......E...P.......i..0...F...a..jG!@..'s.i..%y...Q....u..z..>..P...Sb.?._.........@..>=....K,[.~..s...M.{..mL...G..@3EYS...n.......<..o."..p.g...R0..B....vq/..$....ss`....J......=..K'.p.Y..yCs..>T..<...2.W.D....G&+bAu.s.7I\.....e..:SX.*..x.?......d.^Nx.]......u.+...Gdj..$3...w.i..>g.`.%...;.....LO..Xn.e .\U$.....#.X..b..&....(p.Aq...".0.X.-........<...Gh..|..8
                                        C:\Program Files (x86)\AutoIt3\SciTE\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\AutoIt3\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Common Files\Adobe\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Common Files\DESIGNER\MSADDNDR.OLB
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):15086
                                        Entropy (8bit):7.989347227671315
                                        Encrypted:false
                                        SSDEEP:384:RMsrHAgD5KEPzyCZHx5zR05Uei0EJjR7ldCy7M3ZY59:KszZugR5d0FfEJ57GY59
                                        MD5:56CDB1A188AEFD141ECCD78FAF51713D
                                        SHA1:43E0A0E54BEBB85A03E6EA74ADA412BEFB76E252
                                        SHA-256:FD7823A8D360A527ED0E2EE1DFFC4440283F923F86A30B466DBE041945E96BFF
                                        SHA-512:AA32DFBA859B81D87AFBAFE328B2AFB27371D0A98D7975FA99FA71B647189EAA3D6399B7FAF5D413FE074CDFE2AF92750FE427E4A7413F4CF1500479B0BA042A
                                        Malicious:false
                                        Preview: C.Q.D<.I.e.U.!.......PI..'.+.o.h.......sq.X0.....cJ.)dbU.xn.A... 0z..'.l...\..(|I...B.....FB............o......C4~t.}S+y>....UR..J.e(..@....*|:/.....O..9Sf^..T.../....6A.dS...Bnn:Z.#.R..u.../.b-......../.HFo<..E.........J:..!.X.7Bi.....\M....:B.....|.D....t.S6.}..........a*......Z.W..lI..I.^!.%...H....t......;.O.P.K...~.^(|........2._......:@.'w.....ON9.(.e..4..ng..>..dl.|\....S..?....w6u.Z\..8x.jA.......M..^.?C$frd]......1b.+....2=.&5.Z`+..j...."e..<K..W......PL.....dez.#.m.=/q.?z*\6.-M............$..8........0.8....@......*lZ..!(o^.=...'...7.. X....G.v.kL.......I.&..W.9...pr.{..=.&$..D...&.le..5.......z.........H.U..Q."O.1..k6...-V.....nq..uQ.Q."..V~s.I.GC.~..u.%.Aj.r...|....o.?.T...z.f,I..R..{Y.Xk...1X..v\..W.l......E..n.W`......j.1..u.m......,...EC.-.=..Z7..&..u...n.].B(@R.N..E.....%.m.|di#=.l..S.........r..C^3.U......z..n.._]..<..m{C$.e[.x.._.B.y.f..>\...^U..5........;[.o...9...G.....p..l.".N.^D. ..H...{C......!&...p.G...n.........2.......b..
                                        C:\Program Files (x86)\Common Files\DESIGNER\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Common Files\Java\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Common Files\Oracle\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Common Files\Services\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Common Files\microsoft shared\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Common Files\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Common Files\system\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Google\CrashReports\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Google\Policies\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Google\Update\GoogleUpdate.bk
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):156638
                                        Entropy (8bit):7.9989065374419175
                                        Encrypted:true
                                        SSDEEP:3072:o2s6S+AevibxWA12Gm/+4n4pPAB78TRZ6/ERnnnPNPAdHWBtcWok1WD:op7evyj2Gh4nuIB7j/enPydHWBtXbq
                                        MD5:995DD65D6B0226CB95D5D9583CF4068A
                                        SHA1:93FDA75F4E8B69A3CDB66B387C661EF4177DE863
                                        SHA-256:8D18FCA5272A7703EB1AC6D44944C44EE482F25304C0F1A9327D394A5F84A504
                                        SHA-512:CAD89291C6D1A80B7243161B70C92F2925CDC53138988B4670BB0CA3902BAA47CC8E6134D4E1549D4C784890FBF914138F6968014B06D17CE4A78AAF3BA2ACEF
                                        Malicious:true
                                        Preview: j....g..Zn.Pk...\Ms%... {..2.@....4~.?"..o-3.^.E'..TX.9.w..f..@N.z6.1.f[2..v......i.1.oq39z-1...?....5.....k..........\.......D.....?.......e.E...z...p....$.......-.,zh.W.....O};.NN.'O:cL..p/)..5.V.&....Z..k.Q........S.....a......CQo8..Zx.?a.!...W.......,.IM.@...k;...>3T....lu..cC..F..)/w..........Y......h..:1..]4H7....<...V.dy.i.....:.....|ZlvCw.V.M$.2t.yQa.....9... f.#O.Q....*N...|....Cu}'.g...+.~..c........4....z.....JH.c"s...%/..\./-"...0..RKGf%.....%%..~.}.(..#Po.....R.$............$..a......%..(.....9V..dj..X...H...E....<......a...y...xD$.:..&.Gb..1..(K...<..j.i..C!..H.^,)...K5*..O;lU.|...CkP......#....zd.l\w....F.#.LW.9..K..A...-lO...L.X/..xB4i....3....E...)Y)..;v`u..:.E...z.k...F.>.#4dz8..".j.i.... F'..D.f......".OX.o|..d..`...{.sn....v..7..a.]J^.'..!:.}...'......].*j.z.,<.U~...;(.LR....O.L.}.0Iy...w.'g)u..]m..(q.7.qX.H.}...|%$!....d.TE.;d..2y..h....BPj.$..}a.[is......aa.]..m.....u...P.h(......A..f.g).....[..Qu.......:\...1..jL.
                                        C:\Program Files (x86)\Google\Update\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Google\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):986
                                        Entropy (8bit):7.768002097332968
                                        Encrypted:false
                                        SSDEEP:24:UyZTaAOv16TTZMK//g3hpGauNlZwRvrRhFhHMkBqE:B5nOv+TZZHWhoauN4RDDBqE
                                        MD5:19093D73A38E0A85262AF2AF0D69BF9C
                                        SHA1:75DF3D44934E72986B36A79EBB583E37CAB2A859
                                        SHA-256:3B34AF50395472743EF33C1E0B817A03F78DFCA5463EA92C4846F90B92F8D2C8
                                        SHA-512:ECA598A134F42D7025AC9E86544C65A8384A7BE62F114BA2183EF25C8074B61335C3D1AD8E18E5EF162B44F0E4B49F17C9CC4A0F190B0207916D4136803F0475
                                        Malicious:false
                                        Preview: ..v9.%...<.V..\...".p......6U...Q=X.Q...u).Z.{.x@.9..CXtgz..gu._....D.C.^.jQ........:..9.w.#q......A....r}.8...J..........#-..r..!.F..*^.......0;* .Y...#.\oW.'.g0....1{..A....7.....G.WM...Q=....[.FOV*?d{...U..Yp.b.n"......I...A......}........P$~4$'......C(..b.H..'.y......g..K.X..v%..JQ.,+...P.~.B".....w.z:HU!....7..Z.8..l..z.u..L....6..S\..9...y1..`..g.3.v...HY#.....a;..J/R..[P)Y..{..%.......r.'.....;.<..~.t......[il.%m..y......Y.X.Q8..kz)...I....D.D..e.y..Q..*..+...r0..cq.............$.........u.?x{9Z[.....7....t.b..:.w.).....e|.O.....Q....}.]y.a7....,'..8......l.z..eo.y..%.S.p.........a.F..........;..2%.,..J..o*UH.N2).t.....oy.....S....^.r8.t../.vc..f.K.H.....\;..T./Q.8. PR4..w...^.+m.(............A...Kp;=.fo....h...z.....+..;......C.8.n).....4M_..o...........k..,.c....sd.. .....)..6%...`.C@..A.....%Tx...%.........`.....9Z"...x.v.v.f.g./....Er.\.).....Y...%.{......nm..4N3.^...6b8.U..6Y.vFV.=.....O?..1_i.....@....~...
                                        C:\Program Files (x86)\Internet Explorer\SIGNUP\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Internet Explorer\en-US\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Internet Explorer\images\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Internet Explorer\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Java\jre1.8.0_211\COPYRIGHT
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3778
                                        Entropy (8bit):7.945742249978101
                                        Encrypted:false
                                        SSDEEP:96:twpIGK1XrijJWOU3BHMBikgplCtfAp0eSS9CIeMTXr:tws1XriFWE6CpAp0mkIpTb
                                        MD5:3DB9003D4057FBBCDFAA48EAB95D823F
                                        SHA1:6A928BDEDD8986428B4FAD8D1172F69D61AFA078
                                        SHA-256:75E0BF34ABBC01A36CC068369A60CB4C49139BC3B8F1C719BB3EB6FF977FC43D
                                        SHA-512:C73FF924A82CBCD4391B3B5445FCF38E2608677586AC03F60691F728052AFD8DF6B89A1C66DF83B49050DC936246448ED182FEC3A1C0C57DCEBF0D7BD48107D4
                                        Malicious:false
                                        Preview: ....S....0SE......{.a.V...lYhy..I.c2...!.j>...' .a...R.WQ8.....+L..k:hl......s-.)H$+ee...#^.....).0"S`7ns.~..sl......c.......gJ...M.Rf.e@...?.......Z.,M. ..[..T.'...F...H.t.Z..+W.RPSDZ.]..v...5.F.J.;.E.U./..$.F.n....3.....~^.#...k4...8.v|e6.las:J*...jV.b.l.....j..)..j...T.h8DH..$]V..?uxA.^.w..v.....1"R.P-.#....XT.`.j6.+[2.,.....c.Q...8.D.j>.Q.....U..n.......;....8^...........,.c...-U.T........x....../h..p.'...@.....@.[. ..M..P..e...#K!'sk...h...7}....ZL....L..!r..r....Zt....{..lZ]JT..............$..........I.|.tj.{Q....l{...+G.h.....i.A.~.J.8.4d..VOn.eG...q.....r<{...b.(G..*..p.+......V..R.t.Y.@&........2...8...>..~.G......D.Z....08*..v....$..o........ef..f...{~.......k.i..|}#..Ej.;$..u.$..N...$..&..{......>\AeHF.n~.....SlM..db.?.r..[ExG,...u...;bv....D~.;..-.....O.....\....n.&...G-r....^.Q..U..1w...(.}X......j.x... ...4.^R-....V.X3..^.P^.+..dH..co..5g.U!e.....U"....B.i.DT......c.<.Z<.....7...Li.:...ukQ...Y.U.......K..X...7..2G..U.N..S.G.i..
                                        C:\Program Files (x86)\Java\jre1.8.0_211\LICENSE
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):578
                                        Entropy (8bit):7.561650155499217
                                        Encrypted:false
                                        SSDEEP:12:P+ytOj6VF9/2nNPVFqKvX2Q+ZHL/qYlfNiW33a6o4g:PntOyF92NV4Kvn+h/XfNiW3Vg
                                        MD5:08027A5CCB0C3D6E02998D6F13918C86
                                        SHA1:D25E5D25E98FC234B1EC3FEB9B6AF60D151571B4
                                        SHA-256:CB2178CB08ACC692398C0784684F63F12F94EA26790B9539159E73EB6317D771
                                        SHA-512:8964740B1FE49FC0B1570C219E3C14E43321F7DA643971F916A40900E410FDD0E8E8B6B7411F4F9EAED5E37171FEDDFC3023C379E00386FB402F3C0F62857878
                                        Malicious:false
                                        Preview: ...]^.o.o........s...TV2..?...^..x...b.....u..-.......S.,1Q...1......0.....N3w7.x../]%.2.^.+..+5.9OY`6...h....YALH.h...=......1.Pz.J.5.6...Z..V3.3p.Y....f.cx.6....I.....?......W.W.N..?._!.......jU..+[.._.>.........R.oK....F....Q..a.[f....m(...6.XX..KN3..g.}.<."....S...T..K...X}K[..e...W.....#e..../S..=Sq.*N...WbM=.K...Y.6.P.;u...l.E$../lm>.=}y.I........\.......m.r.c.HRX$J........(x8.....}w....]..F(.q.D.v.Mo.....LN!..>!.H1.^B.o..X........7.;..N.^...g..]... p..;i.....Wt....Im.....XRw..J.d............$.,.......J*....jf.[I..A.1.1."...t......[z.......
                                        C:\Program Files (x86)\Java\jre1.8.0_211\README.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Java\jre1.8.0_211\THIRDPARTYLICENSEREADME-JAVAFX.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):113282
                                        Entropy (8bit):7.998100824777746
                                        Encrypted:true
                                        SSDEEP:1536:urs6cjAVlDU8Vq1d5mAO4nWcXCGoqSCqmBnMwv/JproRCNQiuy1IKFE8IesGkBOj:uI6cj8lc20CSBnMw3yCCiuy1I2Edlkl9
                                        MD5:1CFD8CBCD6EF4863B33A589B6D441256
                                        SHA1:A9B682B4F3A25923FCDDE99388F222EB4B648FAE
                                        SHA-256:2AB2FBF78E3E26625111FCF8B838B10E3CF1F3BEAFEB4E9BA19A6113848E37E4
                                        SHA-512:BA1DC114D89531F1698D9099640C8214C89F49E11DB43C789DB3715DC5B5764BEAC8FFDDEFEE16DDD012A530302B263214D4BA4F518672D0E8303F69F95CCE3D
                                        Malicious:true
                                        Preview: .<k.9...WY..........j..41.N.X...V..q..u!P.X... .z.>...o..<.Ped...!.."..# .V.7E..'5..w.;L09b.?......t..{.E..../..k_.X,RR...q.L..(F...=m3.-B.?._..,b...i.(Ei.H..W...S.....H..o..G=..r.l..UD=...]..6..?.FAU0#....}......_.VQFDF.....n..]..K..l.......$.s..n..9.....I..7....Z.&|...j7q.S=.|n.@s...S....Xy+1.7...kF.1..........K.C.U.6H....9..v.x:[..f.#.z....oLU.......m=..+..1.Y.-.F.H.S.....h....^.wy,.6.y..at.....j.F=i..\.$q...]X...\.8...q.,.b..G...uH@f..a-xk....uI.5......m....7Z......x7!@3...1............$.l.......w...Ct..H..._..Q...4...W..EHi.a...L{fD..&...../......>.K..)yW.$+.UO.....4?.sm.....X..M...k.........~.|........L82=.o"@O... o..i..;..... z..U.C.U..r.i.B(.$._p.v4.2..XQ.*.= .![.,.Is.......9.(e...C..x..UW.nD.....t....!.......nT|..A....d16B$..Q.y...b.O..].Eo$e_'.?..5X:.@,.3.m...6e."h.........h.z.r{x.M.Lt\2...D+h;.+o.#..!....]f...}..hIR......Q..h.G.+....=...*8&fH..o.....o...;!.I......[B.|.7...se..[...HL.EL.1...8E..P..!o......d.~4....v.v........
                                        C:\Program Files (x86)\Java\jre1.8.0_211\Welcome.html
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1489
                                        Entropy (8bit):7.846159990028885
                                        Encrypted:false
                                        SSDEEP:24:mj1nzT27xknOMaY+PzKsz5iULsAxUeu9uoqqed81ESO0FNx5HVju3mDWf:0Ni7xkO5nL3z5XpOemuFqe61Frqmyf
                                        MD5:14EF8AF2025717613D4AA5AE89CBD282
                                        SHA1:7ED74E6B424A6756161BFA6A02596C4E77DCDFCC
                                        SHA-256:F7F0E6A5A76B61401F530E64E1542FB40B1F739B31C086D86BE01D52E1B1B675
                                        SHA-512:93A3E5D0891BC2A7B99C454A203710615CF80B39A55849937EECC8D8DD7E3777A403A462C53CCFF8B88AF69F7C22FF6546F78CE556EDE2319E525011717BB5B0
                                        Malicious:false
                                        Preview: .+/..F.8A|).?.....(......XB.8..=........Z*9..s..-A.d1...K.UqY.+G...W..2.@4Q...N...._....M.i.....Tj...<..c...9.....yN..X.Q[...1J....2.M.y.8o\..N.Y.j..F.*3.z..D.Rm?V.LUp......W.....^._;.l$...*\..........1.+..o.cE.c..\....r.....u.d..PEP..|*..........i...*0)L0.E..n.{..n.?3w..{.@....<....0."`b....&......$.%.8.PE.<..s..0..8.`g.{9....UO?lX.........qC.A2.W.....$2....gQ.Mw.C..v.6.jJ%K'..&.n......AzmI...s...r.v..Dt......QEE.ZG.(...N0M......|nL...<.?E..(...p.(@...].L..e.\!.^..W.i..0..?.............$..........7=.U.QT2F..E.....d.. }..d...].@...G...5.....x..Dt..q...........^.%{E.W.H......../.Ht.5...Jl.(.....-...q..g.....=...+.2......J..M..8{.Mf.o.........j.g&g5...[`.=T&K....1.\.4tB.../.3.=...{..lz..^.iz.._,Z.....<.p......[.......x"Z.'.<..e..E....5.,....'?Iq....t#Iy...b.B.t~GS.4.UgY.....q*.8.Y.]...&..v.I...!/.4.d0K,.g.....h.RZ..X......)"a.TD.XO..B.--q#..`5..%./...B..<.^.N.=...X......7..@.q.l.2y.$...%......".>.g...ea[.,...z@...L.b......i.[...i
                                        C:\Program Files (x86)\Java\jre1.8.0_211\release
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):959
                                        Entropy (8bit):7.766378856731835
                                        Encrypted:false
                                        SSDEEP:24:o9CrYlMsjxCGmWogIdf0JDN+wwOjHOOR4hhW368scBjiUqM:ogKeDwwOzO+4hha/2nM
                                        MD5:772FF7E0FB1C0A27875203BB90F20FCC
                                        SHA1:F8CE12EFE544CC9966CA42B9A6B4F0D7E1634489
                                        SHA-256:CDBC8F770F2E9CC3DB01498D837472EEE87BC99A965A6BFD1F7D970821CF0283
                                        SHA-512:8D22662C8A298CDAD686E3F98F537380D336BCE9DBA5A10245FCDE82F0E01EDF8D7F21D37AE9604825B3EC7F1BC5485F4A255BC2F7D81DE94B13833B041BA543
                                        Malicious:false
                                        Preview: .v....M...8..;........x...;%.a...Gt..P..c)..~Li..{.nQ>4.l.-..*Y:..K...>....^O...X?...:...(rmS........"..,q..=....z.J.S...\.6\..z.L....,....ybF..mL`...4..S.h..N...H.<....@u.K95.}..Qu...:...^.n..8.k..G3o..x.\}..d.m7...n.i.FQ..x.<LZ..1...,.c....L.....l.C%..u.,..1R.Fb.N...D\...]....x...8...:L.A.X@...*....$Lh...H..K......Y..@..t......R3G[....2..].V.AAv..d.P.#<.....o..%..3....6..Z#..A."....!?.......wj.....)..7g9.J.........T.......cGk.. F....N....g....n..i)h74.T.?.[.F.?gN.i...v..)g.............$..........._*..h.6...M.c'i...G...+..`R8.0.&..#...n..6..<J5D{v.~.K.5...cf.q.?H.....H...L..yuw)..P...U.U...k..(..".....)x..'.c.....:.....m.DA_.%...s...ty..j]...;..mM....5...,..IF..W.....j...xW..O.*..r......q|c>....o|.....N..d'=..b.$*...&8x..O..8..eX..W..w...Fy.,....S.P......Ok..{Cm...U....5..\;.3jQ.........$...{.^g!.x.X.ex.c.1.,.[..#W8}...O...!R.N=.."..)[[...Em..v.rW..Y.g".?..X<.v..,..{....c.g....4....._T..t.xs..bJ
                                        C:\Program Files (x86)\Java\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\MSBuild\Microsoft\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\MSBuild\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Microsoft Analysis Services\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Microsoft Office\CLIPART\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Microsoft Office\Document Themes 16\Facet.thmx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):738963
                                        Entropy (8bit):7.999749253750262
                                        Encrypted:true
                                        SSDEEP:12288:aOLEmEMOU12h5rP2Q+pP7TYyW9eq1KZ5PzYD+4TTSEQW5iihYmGI7icnGJOZ:aEEmROrPdS/Y6fzmdTTMWHhYvMicnGC
                                        MD5:898A4F939043D05094779746CE37B7F9
                                        SHA1:BD88CCC8756D18161BC56A82322256ADB75449CE
                                        SHA-256:4AAC8B6A703A80B3D3116D0A46FE72037ED3AC9D7F439BFFEC4D255720BA2677
                                        SHA-512:809298B9360A20C08BBE9DBC8756D7588BFC28826AB078A1A90339AB6D1969FAD0F7437F61C4B5825252898C2A52218EC867D9155D727C1B7CF391169A67219B
                                        Malicious:true
                                        Preview: ..zi<vs.(../..b......0/f@..O.S.o.1....wFH....K..-k.{qE.+.<7.wM.I..k..Z.yB.:.4...x....i.].#.....2...E..S..s(.L..6.kWt..<"i...Q.:|d...w..G....s....gv0u(.g$.......V.%G.s.[.3.(A.|..+5.o...j(.Ah....&m......L] ,)H.j.{.F.l....)..(..J.. Eg9.,....i..x..b!.W.y^.i..ll....n..|-....\".....(.3a+.....J...9...U.]..W...%0]......`..o>...D...U.4..1.`im.7.O..t.C....#....n...gW.Am.]..u1p..o...O...G+.n..<e7.P..D +.._.....S.M(...[.=.U...@.u.....E.........%i.....o...|-....5.\...v.T..?...p\../u.|....~h.............$.}D......t....iMj.R5.r.j.6...|..h....AK..=.7.x_...<......./......m..{M.=...IT...RL......`.sv..Q.S......Z.......)...w...-.i.5B...>..../.D.....E....Gd...R.q..v=..W..{z.............'.aN......^...h....h.x.FW=.n..&.$Z..9p....B.|.Z...3 8...._.5........w.......x.I..uL._...f.-<.m&.(..$q.R.v.?".E..<...j......}.KF.I..........}.0...96..8q...}.J.=.\.U ..^xR.W.&U.7....{'~.....+.=.....1...?.....U.%.N.SbJU..y..i.;KN...WG."w....+.&...mr.$.../M.n....b.u.(..
                                        C:\Program Files (x86)\Microsoft Office\Document Themes 16\Integral.thmx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.9998025197285525
                                        Encrypted:true
                                        SSDEEP:24576:Qksiyw+o/YEKpXld/POxi4nYbBPDmD0QpbaUE9kn0P:OiywV0Xld/Gi4nYVPDUaTI0P
                                        MD5:D33F54BBF26ED6CE56E7F617113D047D
                                        SHA1:5F7E8A9FDF51B0F4935531596C3C89C4178860E8
                                        SHA-256:6DFC7896059E66275F21490E008056C7041249516C4B2D6B051CC0DD800B62EC
                                        SHA-512:D1986C47BC7ED54987DF142EE5B67053C99751206674EE0F870AE1AD68C698622663FEC2A205162A69659B4750CBC2FB9262C929333809616A7C8A1219EDFBD2
                                        Malicious:true
                                        Preview: [..`....i...A.P.....<$.....v.i.....P$.*T....E.....L...X...d...?a.U..1.....%/.{w....@H.X.m.K.......x...I.W..0..\.Y.6h.......[.S..YE.j.....H.~2.d...{......m.">.r..\.).....h...H.hP..z..Zm..........,F8>.WZ..T3......s."Yn.U.+.H.. c..T...(..<.E...Z........x./.@.&..73...{...@C....d..kW.{"5.;...Q..-`.6U......N..$.z.U...A......c".:..'.s-..R%..^..6..MyZ....p@.v.>..4..2..2...O..\.1.g.5..6.U.H..il.s,...e.R..Qf}U..........}..........\.VxY...y<.P.s.&SW.xE......,...x.TN......Y........{D..$V.H....s.............&...4..... .I..:.o..b.........6 ..F.I.s.....Pj.Tu8T.z.Z..........qM.8....z3\.1..9j...hi .5...!.Yt.:P.B.V.s..../.y/.:..$a.....0c.&.p.......h.\.w,.......a...&m...z..< .}..r..(..FB>.....X.......... ..%..yBP...\.......o}.F\..dW$.lg.....o..b. .*....{..@{"."a.|.A.7.Y.D..'x[....8.%N..%......a.3".Pr....Z......-..`8.>...7............b.9J*..Zg$:.Rfd.J...#...~...*..Ex$..3.vq..m.b...t..-......S.[.z.m;C_.A...(N.....6....~...z".\.2t9..2.0).kt...m..h.c6..],?R~....\.R
                                        C:\Program Files (x86)\Microsoft Office\Document Themes 16\Ion Boardroom.thmx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999828238414995
                                        Encrypted:true
                                        SSDEEP:24576:VMzLbzA0c+ZR8exQkbH7MypLo+LjXZnrj8kp:Vkfc0cFe9bbfpLFvZnrj8kp
                                        MD5:87F6BDF032F163C9B5FB34F0BD525A35
                                        SHA1:4EF34B92D2B38F206977F882B341EB04D29DA621
                                        SHA-256:00533C3E5C28591D67BF16EA41E2268AA252D40FF48CCED9C042902CE97CF83F
                                        SHA-512:07C9D5240EAAB445E4FCD41D2D0AE7116E08FE0A4C18F56EAF67C8489AEE3C511A7ED42EECB2E1194E7F3A8E1FD5985F4F3F1C57BCA524C5506F191BA04D0E5A
                                        Malicious:true
                                        Preview: .....5...l....%u.I"=.r.R.......`R...........a+w.J....aV...M..Y..Sx"I..N.$.u(.....!..?.$.....*........B..Ia..Q.aFZ../nA.8.4...t.*..|Q....M.....|sM.}..7.S.S...g...>P....);\;rw....yv.h.........E..B2.7...XVM.`o............)...m..Y...!.}../.........z.lm...-S...H...f.......@Sv.n.._@...k.F.j.....g&l..x..|UV..........z.3..h..G?O..#:.....8..M...0.L@.k.Xtz*o.).`..M+.........?].T..N..Qs...$(/.h%.=+...}.4..b^f..2..%..x'..;..=...)..t...dIE.v..A......i:1.I..T.S.....}.#...p....|..X............&..U......_.L.F4'R4..^.>....yZX...B.P.I..}..?l ~.&.z....*i.o.C. ...;v. ..g.9.'{ZQ= .:Z-..#.4...].'1..k.....W1....WG;W..W...{.......@.w...^MUt..5%M....W.X....g.W\O.Q.Q.!G1L.R. .?.B.......n.{....S....s).*.q.9..8...-Uu...(..I=...1h.D,..P.B...f.s...1..).j.H.At...hT......}..^9.aS..... (1.]J.(.M.%L.F.mc.....C.7.$z...+.~....W..X......bi.x.".x......>.%zF+.....B?r..'-..>.R.b.9...._..U&.\:.O. ..74....&......x4..$.g.R]...Z...P7.....Pp'.}.T.w/MW.9..SjQ".,.4tt$..3.@
                                        C:\Program Files (x86)\Microsoft Office\Document Themes 16\Ion.thmx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999839875960051
                                        Encrypted:true
                                        SSDEEP:24576:LWINrZJh8C/xaxTj93UoX7f5LioShf9vORjBzIj4DMnTqt+3U:LbNxkP92XhBOzzdwnER
                                        MD5:F890B0B64C07AB0AF13E85D4F25C2794
                                        SHA1:A1DBF19D8D6EA5026136E9903A4A163705414A5A
                                        SHA-256:C01FAB800851034D2A5731760B97C78EE95B07AF6512232F072C8A20081F1D1E
                                        SHA-512:B78AE6D48A3C703217CAFCD23CF7506DA1F02B45CBC931C1B7A991135E264A8D76A44F084C3D129BD0ECCE79036CFD4BE1BA03960A01BD70504959FD77D07A99
                                        Malicious:true
                                        Preview: .~i..j.W...k.h.A+..W..../M..>.k...q.?2.........F*d..I..K...;..............1+....(.;.U.q.7........H....2...2bi@..k..3.9..Z..g.m..B-y.F~#./.0.ux.3{..aKy.........]7../7...CH.F..i..+hA..#5.3..J.8.G.h.8.*....)e....O+I.....)<.P.y.a...k[.Y......&f.eJ.P.;........`..mP.....~.7 .+L..8&sG...a..=...Ex...xj...c........_.'....T......B.|.<r..\T...px...X..p{....-...af........zz...a^X...p.B.....xr...........i..J1.Z6..,.........0g.:/u..".....W.t.va.D..T}BF.P}.&.J.Zj..*..S....vHTr.JyxX..*.twP........F`Y.h............&............yl..y.M..}..(.>....0S.....5..i.pp.@jl$.x..-;d.=..`{.u..1.C5,0B..y.."|c..u.[.Z..J..........1.8t....!m.Y.t r.!cOdtr.........0[..)...|.K.(...K.....@..b?.K.B..j.........=.K.....,b_Rr.ra.~.....N.Q7?5.1...3.:.#...O...j..vv....W..0.'mI...p.0g.U.iK.?....\...<i.n...+.`.Q.-..D{.l..gdK..b'...Z...R.k.Q.v...|..2.......T..~.6RR{.....jQ..W...F.e.&.q.=s.C..P.....7X..k.3.].......Z.O.H.a....n~..#?.mI.o.=6..F.=.@...K..j...'4...]...O}|b...i...._.T.zP...h!U
                                        C:\Program Files (x86)\Microsoft Office\Document Themes 16\Office Theme.thmx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):326561
                                        Entropy (8bit):7.999470575442633
                                        Encrypted:true
                                        SSDEEP:6144:Pcb5zJeMNq4MHyNBne5Vk3la54F5oqsdwwQ4SB5fXKmtAqz2lmdgMdF:Udz0MNZMKeXkVWMhUrhS/Xwqz2SD
                                        MD5:E95C903A70919B86CE07AED955DE02DD
                                        SHA1:228242D2B19FB8B63A8CAA5EC05194D6EA50CAA8
                                        SHA-256:693FCCDD057F119D88BBD1C17D9A0693C5FF8D7F3C4DA7E6AC4AA2487081AA58
                                        SHA-512:0EEE021894355E99D9AB74D82AD7C89F8DAA30ABE7CE613CE9D00A1D3363679C873D7CC9ECBA81B2F2F59A0DE0FD7CC6484F6C39FC96A3A57C9B840C47C73161
                                        Malicious:true
                                        Preview: .......*.X.;~.%[.|E...B~.R......,..?A.*)qm4.+..). .9b. .o....Y..w.r!+..V...>L^....b......V.+....}.w.....9.;O]...^.fus.]..)Y._<,6...H9..LU?Y....[..A...w..m..L....=.P.\......R...A.N...Kc.X\J...._...1.r.0.q.ZB....0_.-.9..ZZ.......)..#....H7...2.G.Li6..P.`.7.dk...H.....7<.u.h.....|.7/2...[.B.>...#1g....m.>u.dI..a...hm..D0.....uxRM....B>..N $..57..t.V.+C...9.P...+..X.dac....'.....l.\.,.=U...-+..Xw..E..L..n...O*ML..r.a.1|.$.4.K=A0XCw...l.^...t(.L.....s...nzW.......h.eU.n4(....Qf.. b.......'.`............$.........0..5.,..C....(.9!...~<...<...Q.....s..E.r{-....9@2..U..B.....sx..l@.......h......g.......TF......>$F.....R...o.}!/..D..Bf.........A....-.`.a.~..A@.!.K&....}.>.S..T....UPh%....}..p..S..:........_e.....z.9..D...Z...~..O.@i[~|..`....2PH..0.c..A_...aE.1.z........1{...f2.R.,y..Y........qI`..~.t.q|.R.....o...Q6...;.LUc...~...S.....lA+u...*w.."qnj.. ...Xr^...xW..I?.ey.{...+.pZ.#...2../i#P{.....6..^U.9..G#U..../.1}....|.k..sT..._... . ..|.][.?rTZ
                                        C:\Program Files (x86)\Microsoft Office\Document Themes 16\Organic.thmx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4353284
                                        Entropy (8bit):7.999953712039715
                                        Encrypted:true
                                        SSDEEP:98304:8m1m9nfkebFyfkYxVriwkWe1zCPVo4dBR3YrLOFpVElcRhujNCNXf486:8mTsFTYLmwkWe1ePVojAVNcNCBI
                                        MD5:F5A29C0AC9F82B58ACBE1E8030829096
                                        SHA1:DA2F20956787AEBE308ECB031209C0256959FFD9
                                        SHA-256:B8F0307AC6E6066A066EB22A91F758FE850BAD32AF43B7D77EC216E96F88E866
                                        SHA-512:FA11812D6AF7E6B544B394E7458A4F2C378DB618F2436270F84E29BA371A6817C0651E52B4FF71B68B7E7EDF117EAE1AD33B982B1FE858B9BF2811EB8C527D66
                                        Malicious:true
                                        Preview: h..f...C.M.j;.......=M...:..r...n...^..W.Q{m.n......z..........N?....r..%....=W.,4.}.S.WX..++.......G...A..`v.L./....@y..,.Y...K...`xGX.L....v...O.) #LQF.8..=\m<......PF.J..*.].O...H.:..W.U...H...H...~......h.....1.w.` M........e...g.......kT.i%#1..qKsn...gj.8c........j++........X..s.d...Gr.?=}5...g.....y...&5.r_GI.....8'.^..s...%..X......W&I..|./.-<.6...............U.r...q..7....(......#..*.i..H..I.yl..P._...6<..05..W.]......6.......Gg%.T..v....pJ..8I.5.......?0".w..p...Y9y.?..............%2!.......4..D...b1k@..o....A..)Z.C.\.p.9.u..S.~...E.3e....h......f.%..R.W..oA..q.G..{....o.%3%t.dbj2.....f.....5.S....l......~...ht...X.......zC.{...G.x.D..e........czM......v._..1P.#m.....(..=......1s?..d.gz .]._..YHx....c..;.<...$e,..../.3...?..n.......>}#....r...........J.L...{...VR...Jrr.gd...kF.......B.~I...."....8.Rh..).*s....x.k..w...$.x2...{........l..r.. ux..ZJxT.PT.1......W:#..yu.....H.Z..h..z.OCp_6.].uo."..\.t.e.5J ...xj...,..C&.z\W.k.
                                        C:\Program Files (x86)\Microsoft Office\Document Themes 16\Retrospect.thmx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999818436597033
                                        Encrypted:true
                                        SSDEEP:24576:4ddyL+z0hFy7hVC/E3/opCJe2bWP369AkFCNdnfZQ6:4ddXgXyVVSE3/oeeiQCeNdnfZQ6
                                        MD5:D3070979D30B7372D58D55B6454A4E0B
                                        SHA1:13ACBF0D5186CA5624FFD137F933D8AC83C80719
                                        SHA-256:BD25CFA7A9DEE0F1986D0FA5758CF9879587C5ED947E3F68380ADFB1EBFFB29C
                                        SHA-512:0768674CD0A03EB274A781AF043DD3BABEE549B0CBD812562A52A3CB6CAE53F962D5DFC8ABAA849CC4EC17692E1E57BB19B71B78B9D80E857DCB6523259F8272
                                        Malicious:true
                                        Preview: X.;hM-....^...WB..b.....V....Q...)...|2..}.i.Df.E9.8.OTr.1..b..X..X............DL`.......LY....}UU..r.1_.M.)L.<u..............{.b../]J<...Nx.B...[..N....l.-P.F\0....i...2.-#'l..v..'.5.......$>......./(Yd..."qOP.kb..q...*...}.j.P..I.q......5...5a..$tw.d.pl..n[5.~.b>o....<.Y..c>GK..=.u+9..(Ho...c.<...2t)............c.RV..XL..5.n.=....*...q&q.Z...F..K..Z.....<#}.14(.......);p...x..+...x.w'.F.|...d.c#..);Kj...I.......N.=.lb.Ok./.J.Q......ch'..'...b!.(X..~..S..b.oZ."'....*...12S.s..25.E..............&.........:@.r.l.a...[O..E....b.Gf.l..>.....o....K..U.I?....T%.d`!x.....I# .C.}...](..<'...-.....v.!...I?n..][.....<.....Z}..l.rw.8..!.H...L!.+w....Cl....Eq...KI./...,.....\.%.M..m..p.N........L~..|.A.$....mO.S..{..8....>3...9.....\)..(.A...C...&>.=.i7"@...9.b.....\...o....uU....&sWK.^..s.n.4#.{|[.gq.D.(U......`.}.2..)..f@.}n.m._...........!...MI]&.5...h.B..Xl.<.F....:.>u..g.<RQ.q\Y..k.`..d.c..!...6...\...f.?3...(..i....Bc.......{...p[v....P...f
                                        C:\Program Files (x86)\Microsoft Office\Document Themes 16\Slice.thmx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):865344
                                        Entropy (8bit):7.999769515643894
                                        Encrypted:true
                                        SSDEEP:24576:BwlomGJVtSpPWbAhqYX2l5kK6ttXn/5vIUIc3Nxp:OqJVtCObAh/YuN1NIc3t
                                        MD5:4E1E4B6007DD54AE509EB654B37174BC
                                        SHA1:E6F7394619E672A31B817F1D8CD718357BF6D779
                                        SHA-256:B7FDC5FCC093933E1662DB598ADDEEE3C67991C22065D97517AF36838F2B4461
                                        SHA-512:A4D260BB723DA1A2F09459FCA7B1E3AAD743A936B22845B5255836F6AE9403EA236111234DD2A126AE940BC903867FFA22210881D4D30CF4F93251049E90E845
                                        Malicious:true
                                        Preview: .U....`c..o.}G.p'.8.h..Dq.....K...C<r.2.j.5.j}..s.....UnB...q...o...I..|L..X.Q.Gd"......zD..}.X...[.$...@.2...)2.e.....P....P..NI..N.(...^......I..q...n.H..zB.3%HI....mN..pm....wF....C....,..o..9..P7..b1o[#z0.U......0.[Z.:....B.)..lc,F.`...;....*0...........xdw..%........y|idl.4+..X.>.$...P..Q..".l.G.$_.. .D.R.....-\.v).&.....v..bm......!.2..A.K.y..37a............l.TR2I\.^.G8.....'.:..H. ...F.....O4..1&.a.M.*....Pt........YG.-.....<..'.{..;6.rEP..2..f..#.^..I..^..)2...V..P.=...y>............$.*2.......t.qeoh.Ng3.3W9.\ ...W.=<.n.+2...4*...;._.1d.X_R..9..;.,.".3...m..........c.=...f....~!t.R.a}..c.=h.2P8.....D.b.h.Z.M.....o...........gs..v..o......w...Z.s1W...7..g.V.?1.......?......aO.X..^&L.....n3...v.m....T}4..W.].,..M.1.(E...`....|.G.......%.......A.1......h......Dm...d"D.j...0@..U..{y...W!.s.K.|.c.....'..?.o .my....'qU....h..I#.......f.Wi.vXz.k.m........`.........|7.gj.....M.f&jX|P..n~..;kK.F/....$.KD...;.|...7...kF......h..>.
                                        C:\Program Files (x86)\Microsoft Office\Document Themes 16\Wisp.thmx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):772567
                                        Entropy (8bit):7.999773240268339
                                        Encrypted:true
                                        SSDEEP:12288:YrsWWbB05eTeo292QjZurBNCEOipV7hUONBllA84yZps8DU+aRdtPH2eDo2oBy:YIWW4eTeo21ZurjflX7z/lAzoU+aZHnv
                                        MD5:B20ABB80506F0B82A7FC9A43E38D24DC
                                        SHA1:B14BFD221EABE98FCC7C0D0998CC61F4BC871EA5
                                        SHA-256:78BB5726BC4D31CC2F5C929498B2E633EC0D828BE65F283DEA8722BB89238885
                                        SHA-512:08D038FF3BE0F7788BE6B5F008C17E4764AD0E672F4F4ECAD38FE5D4958527C2CAA9673E9AA52E229118F5309896013454AA3B50D0A37D6D642FCD3CD9DA4099
                                        Malicious:true
                                        Preview: .#%mj.Y.>U?..p..,.....A.^g....\..A...b.Y....}~v[..k9.*...e... m..V'w...IAul...f{m.X......o.....2..(...D.x..9..Q........?..P.........y..K. ..@....W..:_.)....:.....PetR\.C/...|0....:..UW..t.^../.?k..Mp..E0b..F............V,<i }......4..X."...uH..(Lv..=.......<......._.q...jc..&.....2..$.d.=Q.....nP3.._.....7..#ZZ....m...q|.U.9.g.p..9.a...l..O.'.8..O.Y....5\..|.....;.k]t.i[......o....t..r!1..._.&.X.t..7....<..{|$*..v8...zY9...'...|F...?.O.Fv..c.-...._.$."cc..l...:.X..../...................$..........=1#...a.~...>1....a.p..........."tE.X'.0w....0>.x^vJ..H.q..$..m.7rp......&...j...C....._.j........Cj..N.yO=..F.y.g)..o[..KY....v.#.#s.i..v.GO..F=|.H.H...>."..<.a.....'o\[....._3v.x..Cg..UhI..0..Q.W7/''.].MD.[.*..l:.....nO:...k.;..T.^..KW...Rf....:.......-^j..|.{...E<....')=.0z....![.q...A...ue.v.h.0.......|.}...! Q.c....>..u..}.6h.x...a...(E^'.D<..W..to.PQ.....U.I.....:PH.j[k..o.I.8|..)m.}M.<.e$..X..>.cT.....R....g.Y...p...(..dl.h....r.....|..K
                                        C:\Program Files (x86)\Microsoft Office\Document Themes 16\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:24:DB9F2O9BY6XT0h/pOdcKuKq7O9QZdsUH7NrMW/eP/:DB9F1BY6Dg/kuKq7O965H7NrMW/Y
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Microsoft Office\Office16\BCSClientManifest.man
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):27361
                                        Entropy (8bit):7.993051642974953
                                        Encrypted:true
                                        SSDEEP:384:s5+bYXF5FdL4UOE+SLqMateglggm0ujMlzQVX3MPICyBRJpJji1MJ5tMmW8YvvGC:fbCFXdFdate1Ml0VHGIzRJppF5CZ7b
                                        MD5:33CC506F2C9EEB05AAE910AF3041BDC4
                                        SHA1:959B88D376A75DA3DD48FDC01AC7203AA2E4151E
                                        SHA-256:D1F4C1635C44C8FCD5CE773E06845F0CE240910BDC260BD2FA4665FED171ACA0
                                        SHA-512:5284F6F81CAE42D750583B1A9D770AE603B3FBBAD51D1F3AF5B3EB4278DFD4E5AD4DE27D1A04EDF45FD542BA2E27EF11154AA8571CB9CBFB1633B0BF47398F73
                                        Malicious:true
                                        Preview: 1.K..R..8.J.V.;3.....N..W..w....=sl@..3..x.{8..4..{W~.h.gD.4c{vq.^f...l..i........w.`z.Y|..'...E....V..g....jR.T@7.....H.... ...F.. 1.+V..$.w..0..|..#3..6..A.}a.~....0...5d.qo.}{j.z..ze..W...\.0O....+....S.{.S..E.._.{.y7}k.q,i.PwcVQ.%.b...8SFK\*.'..e....W../=.2..>..7..G|...{...*....p.Z...mTLB..h...........8)..=.8.......4W,....j......9P..p.c..n.....0-....3de.z....1....5.{a^.-.........(.4.....PP..;w...y<.Q...<..&.&>..y.-w..~.f;f...zR..m....WmU......[..`.x@.i....LLK...^.3.W.Z.....=.v"............$..h...........C{z........2A..}n..Mo^w.;..k.....(.l..._'.0.....*o...q.l....;S.....F..H*.v.B0d.=<.qe.2.....t?..m..N^k..V._...^..?~d.}......_9v`...Y_.,..q.....wO`C18 ....Z...G...6MPNl:]_.l..e..fg..7.v.6...L...K$..R.../2...CF....9]......!0I.p.6.TJ./.....h.......d....e..!...0..."...k.v.*....x0....C...Y..L.{...lX..|n.g....r.EL.L......z....}.r .}...%...}..'.e9.Zk..a.A........M...A.E..........(.[....{K.d]m.u.w..pV..@X....,b.w.S.l4...,%gmv....]yc-.. Uh.c.MS.
                                        C:\Program Files (x86)\Microsoft Office\Office16\BCSEvents.man
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):40724
                                        Entropy (8bit):7.995535174152902
                                        Encrypted:true
                                        SSDEEP:768:UDScpEnM/iPzPgU8Ty5xY1VIFafDtARuH2F7SAEHBfE7fJ4JlYeOm4o0Tw:yS1nM/+zPgNrS2Bf2DEHBfE7BsnDSw
                                        MD5:F187EF5B28D10C7A4EE4E4F59FBB1A19
                                        SHA1:96C913AAB227014B41846FD96A2F6559169E2C30
                                        SHA-256:EDD415AB4CA18302452B3BC0274CEB79B1828A6970807AD74752A6CBFAD9F4EE
                                        SHA-512:3E404B4E6F08C217B55DE5BFF58D7414B372E3296214838746571C23D1F363E92676050AF540462A24FCBAFBDE0866897B1E1CC276AABD015705D56748C732BD
                                        Malicious:true
                                        Preview: ..l...5.....<<..\.?.a..{.r3.g.H.L..]....OV[..6..F.X]'..!...z..X...`U.4..:....}__\..F..m.21N...lE..HZ......x....H.TQ;.H..xnm...)Y}.....vu.$1......u..v.5}Z.he........%..7..C....@.E..v~......!.....c...s..~v...7.=+.m3.c.5...G.....8L.-..........{=..DaM+....s..iNd..$Z:rO.;...V=a..GG.._s!.".t.I.`m......J5n..G.1....9...........eJ...@.cIz.."xj.D3.4.....V..o.P..y.....@.i.4..#7...f.._.>\..(`..U.PmM>......a .5.m.~.....4>.....X..T......\~v0.. ..Z*_.4v..,...x3...H.I..7).7=.t.p[N.........p.['..Q.9>w............$..........1.N.X..V..m..k.......!r....s(.9.]..O1.+=.[..=s[..F.P.0.1.d7..#.']...($7I..u;Z}Bk"\.wet......._7a..:.b(..K..j@[.f.2.p..?k...Qy..M(...1sG.e.9..F..)...XE.u.w.ZT...g.y.i .Wcz...ghsk.*..L..+.,...C.h.=..V~v..E..........k..v.x..y..C.^....Ol.Z..>.S..v.^'.._P.!..$H..hW.o...Q..$....n..rI.C.'..J.....#M..R.....n..h..Z.a....`.N.\.6.Q.F..N.z}..........=B'-...... ..|...>........L..sW..|..J..9.EY......z.."w.......j.M.%..:..-b.....f.E.[)..~.[..s.....m;.=7
                                        C:\Program Files (x86)\Microsoft Office\Office16\CommunicatorContentBinApp.xap
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):466775
                                        Entropy (8bit):7.999542382380957
                                        Encrypted:true
                                        SSDEEP:12288:B0J5QOUvWUWuzWyshaZq58pQzc01gf6b9k7m0:BCW1LxzWPhanpQLs6xk7h
                                        MD5:65B305405F4D972F85C30717DC62F53D
                                        SHA1:BFD3EC5DF197E5BE8BE7998C1CCD9ED506A567E1
                                        SHA-256:23CF746E311521B9E5B3B9D4E37EBA7BBEFB4D0CCB6BA82FF7DE1FB13BF01DF9
                                        SHA-512:F6099BD24D241825C282C792BBA92310BB207B644EB99E63C39A39FB70BD18B82AC3AC0C003057FF97833B2AAA873BCC4BD839B71873C236448D36D52DA3B686
                                        Malicious:true
                                        Preview: y-..r(c..aW4.~...H.y..v..l.|.....rY.\.~.q...q.H..;........9.....p\{...........d+...j..C.^t.p.n....ay.2..k...F.nT..R.Y.>.$J.B.....*.Nj5.A..(y5z>.K.G.(..'...(.....%kP......E.l.Dx..j.<...3...*....>...pXGak*c...wy....*..+.$b.1r..g.o......D..7....O#..8...j.........2YD.8,.. i..M.v.!.....3(.....1..,0..X...... :.F_Q.w7...P.&.N..lD......j].......z.H...T........d......Swg.....20v...T....a1...q(.FH.9..U....^.R.l....vD..........J.X..:..;.p<.RG...AmN..>N.. .....m.f...P..?...`.eq....J8]/N............$.A........aX~5.Q.&...~Y.P.Y.Y(..f[.j.R......"I..%AOW.4..K-......,=.t.BF(...^..N%?.).:.%...'...,5.....E.b+...nR.;.....U.}mw.J.'.k.".1..#.g% .1.. ........"j..3..x..q..........g...n...........z.+-.)......."...8?<....S5I...;..k.g.r.H.'..q......+....MC..U.|..{...Uz-W[......l[y.C.......!..8..n!. .g..S..')]..A_......}...hj8.}....(.$.g.....H....6......L.e......*V.%e...K.....\...-/.........9...).%B..W[.2...=i....6..pT.cF..]...d...2...a.0/.5{...@..L8......
                                        C:\Program Files (x86)\Microsoft Office\Office16\Custom.propdesc
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1877
                                        Entropy (8bit):7.889188132711535
                                        Encrypted:false
                                        SSDEEP:48:i0z7n6SQtdXAYxLZVK9wx+GHaEOChf8qgXQxqB:iYQYKL7UGHaEOChf4
                                        MD5:3E00251BA7E1CD41056290B481C8C4EF
                                        SHA1:51A0B801A7D045C2FF245DE5948D0549AEAB9619
                                        SHA-256:1A04A37EA98179911BF8695D32D245EC2F1DB20CEDF45F4E1918A22540E30344
                                        SHA-512:BDD399397C4789E1CD78B0080E33EC681E963FD06BF6BE89080818E2E0F5AE1D1E068AB32C6A5F7E0DAB3743B505A30D9AA5B5730265001B953E00413601AFD0
                                        Malicious:false
                                        Preview: )........2.......?g.....p..*...|l.&nXA{u1Hn ....f,z...c.........Q..[j..U.Hi.>t..5U...{..M........N....f......l.~.y..&..;.M..".....<.o...\.,..<E..tDm.I8.....aj.Z=>\E(.4.#7..8-.c.....A.u........5..T.|.9...0=v...N..M.....I.Y.F.e|b3 5...xC{Z.U.D..q.m&k<..v.....e....'.k..\.Pb.c.K...H.......6...S.Y.l...wy...............=.U.)...!h...9.i[h.J>dm.k...t.z.*....P.....dy[l...[Q....:..=.%1p.}.2..>.f..=G.m..%g.....kgl.^.;C.3.zs..P...<...dRI..^..l0...i.J..x^g>(.I...o*h9..... O.p.-....n....,..X..............$.?.......c..S.....A.E......v....4.g.=..r..<...!.u....(.\...7....F...B...U.=..}.....%R.c?.A.6.+..@..dz@...%Nh.W........%6.29.`.Z-a..O.....RYl.z.6j..]..l|y...e9%&3.rr. `..B!z...5.a.ni..e..hJ...)....6.|...w..X@v......9.~.K..*...........%.......y29.6N.}.2u....s.........=.#"..$$..X...3@..lV.#}p.\....T*../G6...B2.Jy..W.e.&....5...W..M)...0.:....l..6Z....v..H...R.~...C..\.3a![...T.....l....Z.P..9=u.5g.Ir.O..X2.0..H'.$Y...{.Z..Q......F4.C.h.f.se..vG.XCt....
                                        C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.VisualElementsManifest.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):872
                                        Entropy (8bit):7.742993196025633
                                        Encrypted:false
                                        SSDEEP:24:WoTTB+QLnArqe06zXarFnPx9f8S4zJxc4INP8qRU:hTTBlLYqJrr9f8F3Dw4
                                        MD5:4744A802E7A49E1DFDD9F01DF0793C00
                                        SHA1:49FCBE486AA502FE35C512363E508C05168AB7EC
                                        SHA-256:B51EC02EC426737F2B3A18DDE25E395225A53E15E3A08B2912C5DB063AEE71BB
                                        SHA-512:25713854AAC87D966247CFEE2A7DC35A61D2B30E21DF5776971B9009159DC52E2DED1DD0042B1D60AEFE4F1C4C52DE917EB1D055D052570B1C4EC81CCD9ED06E
                                        Malicious:false
                                        Preview: .l4.nL...D... .o.v6...r.}q5.9...2x.......[.h..2E(;F.'..e.C.|.a.d....<J.T.'a.J...".p.$;.6_.v..b.H...Y).C-.o....*.M.bA.}.......a.;lX.^....?}.2I'9M....m...^.nz..O...h..u.4jd^....a6n?{...?.l.u..._l...<1...IQ.._..U........fp4.].O".7..K`+wi.c....\R.8.l.....#..H.... .......Z,..\.-...zH...x3..PH<]._.)...9]5......K....m.!.e&v...d..`^z.*.Q...e...>..D?T0.d'gT......o^W:{G......w....x!dn...3...8..g0b..Co`*.f.{...U...Fg.....5._>.....%7*,..I..0...:w>H.I..>.{|e..I.....ko...C{..D6.:..O....2.....DF..s.~................$.R............(.EIw.......Fs)i3,.Z....cA...,..o.]+..{.........E...M..6....z....v.......4...2Z"...o.......N..L#.=}`t.Dt.*....j...$ll......$...gB.R...'...oC...?^V\f\.h...#..F.2........Y.a.?....y..W.h.x...}.!.!..d.....*.N...H.. ...N.4.8...#.....P....En4.j.8N6[.H.J.T:~mP].......vx...yRry...A....w.J.e$.J.2..z...A0g..x..;.*o...A..Nc.....B
                                        C:\Program Files (x86)\Microsoft Office\Office16\ExtensibleApp.xap
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):84234
                                        Entropy (8bit):7.997780560319505
                                        Encrypted:true
                                        SSDEEP:1536:C9xwxJgHaNtdfD+lloR5VhlwuSsoJsxPs+TTNcieCuZ87lgvXGCZAJb1XcLnm:E2vmaNtl6loL/lwuFo+p8ieCuZ8bCWT9
                                        MD5:F844AE80E2CED58D5993C70A370801BC
                                        SHA1:5241809FF4862DC0CCB4287DDD8B38BF90DCB488
                                        SHA-256:ABD2C10D604FA72E35DA3B0CF706E1FFB20FD7FC96242B808859CD71CACCD08D
                                        SHA-512:CB77DE485D5B966D04701F5608BF083B55713D200E4335182CCF5BB1A62D519039F553A9A047C457598FE8674EEBB50A485F3D499EB10A0B7BB88A392DB1BD90
                                        Malicious:true
                                        Preview: ..d........"..8{.Z$i......lL.$...fg.q.N...5.T.........+5..T(.E.........DjF..&.<...n.3.EyTt.:P?V.T.@.2.W..x.[.7..M3.az....... .2..b..._.G..............h1...t/.m5.j. O..(.}RD.....h...a.oD.QY.g........V.f._L=..r!.3..=....c....3..m+?...YR:...#N..-9...\.Y...m.3|....e.@v..........1.\.\....p..V9P.......-...\1`v.B.8.=..qu......V{....U!t..,.C.t..ts...4.>8}.]8......V....#..lY..\.`.'...,2.7..p....vF.%W.%.E0F,{B..h^.... .o.k.2....a....E.z...+...a5{..<0..L...j.$x...(m.....V.F..Ak.*..o.i......%.~..N............$..F......j....g.V....n..d..U...7Q...........D.<..-....v..$..xZ..jx.].f.k3..p..H.d=..Xn}X..g$`v.....2.7...~.6h..-. ./....-...^.&H...%#gP....x.af.^[p.s...N.....bDK4K....~l..I...d..w..X.O...L$....;...s..l.m.5..|.;?...lx.._..;V..gI...p.Z.<..|...L.j.~G}...R..@..L.AX.n..1.l......+....zs4F.\.....o...I...Y..H.i#IId.....e7..1.dXH......k...f..X.uYq.[.#.-.SAn(..sN_.[>...E.).....6.;......e.7.#.%/....jx.H...$.5R....CH.}....v..Q..h......F7......y.4../t._
                                        C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.VisualElementsManifest.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):878
                                        Entropy (8bit):7.737061755614783
                                        Encrypted:false
                                        SSDEEP:24:o3ygPzch0IjWX7Ljpa1+DBb2E8EzXTiKUabQGp:oCgPtIj6Lc+Z2E8EbTiKjb7p
                                        MD5:0F4CB57E1CA4074A8189444764E456E0
                                        SHA1:6C2508A99B69E62334BCFBFF0227B649324D6894
                                        SHA-256:8013BD49EA9025C8F0F722D50632FDB9C3C0F82729B21F811C324999EEAAA16B
                                        SHA-512:126C7C13D3E5D671A58C9D7735632B02EF665E9A9DEA622040C663825FE5429B7268C6D2D790F8618077899ED768ED7DAF64F618F2E931F809B608275C1DB69B
                                        Malicious:false
                                        Preview: 6.......6.-}....3.jc$..\..e.....>.d#B.]r.;...J.-..f;NX..&E.t..6.0#,..(....07m.Pjjdk..........b...w"u....w.%.....m!v.f......b...d..V...n..W..X.FKD$.7.J7.;....B..X".3.#Y....\...mLn.ZN.Jf...w...(..$.>..".N.m.d...@{...@....?.C.C./m...=b....Z..V^.0]...T..<9..f...{.;..Q.Jg.Yof}...v......h%J.=O...0.z......U.fSq.\L'.{.0...A.#.Tr(.......v.."...O..!..J...1~....S| }.{Q...'..3.x.y...^Nr....0j..sh...}x9..G..A.&N....5f.D.0....[...)..aZ.l.ml...#C..C..}..q.#.E......'...o..~c..>L..D.XPI9n\`9wb............$.X...........j6...H....'..I..f..A..u8...&..9...D...R5..Y.`,y..........Y..S..TK......$Q..>^U.wo....\..+L..0..t.0.%.hy..Z,...@R.$.Z..|\.ut:..Y...O.D...G......r"r[v:...x.......@B..........V..1.....p..>_.{._.4..u=D.q.F....D5=.7..g..P.. g..'.'.F.".....\.DC.9_....6...7V......-.U....*m.W.y.G...9cV..4{.V..3h{/.......<..n.../...8@...w).0.....#..
                                        C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.ICO
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1300
                                        Entropy (8bit):7.843931489130541
                                        Encrypted:false
                                        SSDEEP:24:pJnvLl/kGlpkRktdh+gTcDz18mIi/p1awG3XsF5akxPre4vs8X+c7VpqJ8E5Zb9E:Dv5LuSL4g4P1FuwG3XsFAkJre3CpI/t4
                                        MD5:64688CAC5E1DDD7FB8067BDD1B5AFB96
                                        SHA1:EF892FD76ABC47A3EE5277C745B8FAAFD5B24A04
                                        SHA-256:AA567E8DC7F8A73B28C8BABF004280900FD44D964E9C2AE72A7646A3812412D4
                                        SHA-512:48D0DC33A9544EAAF2CA027C263EA2E194F25AF14CDA73459EAB778EBFAA3109D79C161BFC3DD9C6C8D304D06EA4FED2A19A9FE86F4B868D91A4AB28D77A0F2F
                                        Malicious:false
                                        Preview: ..z..U......f...v...?...0...sP...<....6....P!..=.....*...w.2>..].R>.0HD.b<`...}$'.3.6...r......k......W+(%..p........g....B....*......U.0DR.W..p....C..I<MI.....]......v{N9+4O...3...iV.4..a$Uq.....a.%...qi..M+......B.+....?+.F.|..."O.H.......m%.k.+.].L.]T<..:>....p(.2...<..b.q...W.q...pZ.$l(4...@]..y!==..K/r7....q..<.5"..Y^5{.....;...(.9n..^.....8..`.7=I.g.{.....F.x.;./.Y$..6.dz....O.....~^.lK[(..H.EI.{.@..V.^..3................:.j...H...W.@....R.wJ.|..j.I.F..F.ix.pM.d.``...r.U....u;N.\............$...........h:..i..../?....A_Wb...!,@.....<.H.Y....X..d.?h..7).2......;.g...`|.H..o....@K.V._...."....F...37..B.:.T.f.+....q..Ft.".t..F....S....+.\.H:.c.)...e..`P.^<.6P.&.e.U....B.....*..I.at@..;U).j8.(+....>...r.if.}............C..K;v..Dp7...K..LMi...D..v.VT.h..M2a.....&.V.M.D..+\..6.l...y.".....w.....0}j.J..EM0O].)...oc.......{....xB.L.$.<......s.eh7..2........2.c.P....;X|(....La!.1.<;...D...Us......%.o.Es....{..~..v.....zC....s.......TBJ.@.
                                        C:\Program Files (x86)\Microsoft Office\Office16\GROOVE.VisualElementsManifest.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):874
                                        Entropy (8bit):7.712095407983235
                                        Encrypted:false
                                        SSDEEP:24:otjxDCoJ+74fd/SDknSQrZzb9ZoQWSuYCRuUC:o6oJM6S/QddWS2RvC
                                        MD5:01B343075EA67F94DB01E1FA62103106
                                        SHA1:F929EFCAF72CBB4F45661C8F95729367923716D1
                                        SHA-256:B3EEA8F5070CD98E7E8F5F3AB4D417EBC745B2B1EDBD2667FD34B3BD2C1C0FAA
                                        SHA-512:65CE62646F0DC0921A8A232A5F0DDD4C615AC231B5B6327CDA5842A4F3D44ED47164E2D31EBA71BE871B192E55948A3D6A311D2B4C0714FDA4DA3B7C622AD56A
                                        Malicious:false
                                        Preview: ..5.5..4..UEd.m.#.T....c.T.4z.?.O.D..8..Do.'=.w......]#h.?...?^72.....%.Y\.f.......3..b....m....H...5.eW..!.e.W.B#.9......Y;..:.....A"...W......._.$?M.&...}a!k.x...j....S.'..Q..[.#...@.j..ai....4.8.U|..._..#.."F../.....z.v.....i......!..1L.u..}...c./.dj...&.. X...r...o.p..WY..E.y...p...[-~..6K...m.9........k.Ns]{....v.x...n]..|@...:....{..fFM..Gd8;.E..xX..].....]..=..@.1.$x....W%b...)...8............\>@.9.....M.KC..&.].....f.|-|3\....D|..$.....%h...9..A$d..7v..V...V...~@.....b.".S............$.T....... ......K.(r.P......{.5.P..g.]..r|]...{.........wG...-k..\.>...!.O....I.%.....&.0t....3G2...F..LW<_.......cK..Y.....,...2R..WF.X....a.}..G......{...U.....R....rv....C=5..9z....-?PXV.3...+.kr.z...,.p`"L.q...._L......b.....k.=.....}...s.Gcn....G.Lc..E..l..x..?.5....*.Sm7..y.t..g..r.R.qB........Mg"W.r.d..A...a.w.....a.o......"
                                        C:\Program Files (x86)\Microsoft Office\Office16\HeaderPatterns.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:DOS executable (COM, 0x8C-variant)
                                        Category:dropped
                                        Size (bytes):12613
                                        Entropy (8bit):7.985765418809276
                                        Encrypted:false
                                        SSDEEP:384:Rl5ixq5GMyWTdR4yId96vCvAyUzrDTqhr:T52q5GM3dRyCqvAdXXqhr
                                        MD5:957DCFA42835053345CD57D891D8F4BD
                                        SHA1:7BE10B3A638AA11DE8546C075F09D9817A7E7A76
                                        SHA-256:326FDCC2EFDF4097D7F0A3433CBAD7A1A1D6132AC193C35A6C89B5162F5B2534
                                        SHA-512:3720CC88C081C642BB26291CA88FEDA7C417258587B83FB0316B807F399266AA060064BCF21CD3A9F58D261C0E50DC6E43A50599649DEAAED8471D5BABACBB8A
                                        Malicious:false
                                        Preview: .Z........I..,e.Yv....54...l.v.#2.....u:.....g......^.jJ..~.{.>.m....u.^..H...k.._q.k...".~....=<....Z....c..c.......e.7[..n.TE0v.....v..P.l...|'...X....`u...[......I..a..8....1..i.S.K....DrgWN1.d.....Z..h.?..+.F4...R....O.|...j.u.Mb.........!8..i.C.y..p..2^............y.d......1h....0|.c.`...*..w..H..-.],~b.p...H^.#.|..m.....0....l^..G...=6F.....".sH.E.lKK.$!.b.%`.2..*).....#.J>#..0.jd..D...WHT~..J.FJ.4.K4...1Ga.a9}..O.v..TL.hX..G....H...a....+D.j(-.`...._....>....B..K`s.3..^............$.//......=...zf$......o.Qx.~RY./}.l..;W......lZ.).!..C9.D..R!.K}..I.p.>.N..7...f.8C.f....`.E..0.w.j...v.Rz....4.....7...n.....rk#*......0jn4).i.h..&.e.Il9b........K#.qJ...QD.C...FO..Jg..Il...{o....c.P.a!...u".U.e.C.CE3..'.4.....Q+.....`.0=.........X[...PH..c.....E.8...H.k...r9..9..5.U.....c'.x8..7.,.m.o.P.4...7..-~.v...X.U.....|<.Y......~..}....$..^l.`o.ELPS....A\....7"..n...SS|?,i(<7#.'.....x"\.4..s4...)p...GaU1.Xk.s ...'.?k.X;...E.[9.8.O".818H...]{.=
                                        C:\Program Files (x86)\Microsoft Office\Office16\Installed_resources16.xss
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1004054
                                        Entropy (8bit):7.999784470740933
                                        Encrypted:true
                                        SSDEEP:24576:wVAtsPtorvJp74IwetylkZt4f4wxgPaLaS+eR:wSMtorvJp7FfIlkZTFuaER
                                        MD5:F415606066EE42E1F09806C4B44914C7
                                        SHA1:8FD9C262515550A70765D6FE8DEF00CECE5EA070
                                        SHA-256:05BBA65FE5385810C56BD371D68E3A463B5281A632FEB5296EEB871904C62152
                                        SHA-512:F063D77DD268214973DB613B73F58D788F7552EF6F78A4A954AC623F9F87A09E27AB3E5DE1228850D8B7F423D57EDEBDF9CE53BA1234C0DFB69DCF58CBBE4171
                                        Malicious:true
                                        Preview: `.OP...x>...S....x...4-...oT.:..*..I...w.o.....5.\m..C.[m.5.s..0..1:c#'...O....bI........w.~.5..`.2y.R..u...HA..J...^@!D...p.Q.z.'S.#..U.P'[.+).......t....=:........N*>u..e..xK...h..&B..:...WDa.x.......b.z..4.zG".oI....0v...j.1....O.E)..=v. .!.(Bc.z`..0.b/../U.6./...h\..}.3)2M.xc.....}..e..M.Zq.p.../l....dX.DO.N../..Af...p}..."....g..p...X...!r\.8.S..f..[9.'.x,...p.........S...6../~....o...[..E...+...Z.fr...Y....Y/tm..}@F...U....i"C;..A8dO.c.S....'..N...6.l...]~..V>T.G..[.(.................$..P........orT...2.HV..u....qDd..f..X.S`].?.L.O .I..F.....P..I./A._.c"H..Y....}.6....#;=.{*....8.y.@../....._.G0.pP4.j.0L......\...z../d....y.[.1.5%p."...{....>l..........v.).B..b1.v.R..^.....;~.hW....9.....|..g.z..u......[....`....An.....%{.Msj...vR..n..o0WvK..tp.....48..@y!..).Z.ZdZ[r`#.........,...nM...PN!..../y...os...P..em.(86...g...R..!.o....v.?.D..t<..8'..&.Qm.4...{.k?..K.O..J{.y!$.....-."_.1d.......*....`.D.....,..$..v$...3..G..S.mN....4(......G
                                        C:\Program Files (x86)\Microsoft Office\Office16\Installed_schemas16.xss
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):164374
                                        Entropy (8bit):7.999045820377761
                                        Encrypted:true
                                        SSDEEP:3072:JqTDFEAycUtFOwdvym0lCxAa3VIF6jGDW/zw/C8aH2vIMFYwVmQDT6pG:JQDFEAycUtkivym3AMw65k/C8aXM1/Dz
                                        MD5:F17CF6B2D1B931A18BB0C4FD4A22D236
                                        SHA1:276B1683C7A92BE71E19F44ED5084135D7A012E7
                                        SHA-256:7867B1360E288558810BEB4F65B6611BD401EF84DD542EA3454BD349FB2BD9F7
                                        SHA-512:1CBDE9FFAB5956F0E1F1CD808F25F0B1D0C2AD1E61667A9BCDC8229011870E477617F4565974BC166B6FC0980D59BD56A2037D94289F43AB03208811E234F9E2
                                        Malicious:true
                                        Preview: .o.{C.J&.8B.>...j<..yy.;..w.$...so.9.".eq.k.k..bj.......O.t.#f..#....=....J/..Q.h.d...I@Z'2..@....l}...4.M....H{.C?]..J('`.O...5.......l...:.e.......&.p..4{B..<ce...`8.!am..1'<."......>.N.]W.}...k. c.c@.G.,......H.V.q.'./z.G3zb...K.7..+....:.;C..z...I..O..5..s.-$...D..$..;.%1....o..Qh'c.@...F..8)...[.!..\..(.+.r.`SHW...-f..P#...O.....C...s.....gB..?y....)R....2.jA..+>...j..&w.(X?...Gk. .K.....G.-gt.L.~...M....I..V....m..8.+....k...K.j. .C.I_U..zV.....*:.e..\....O...Oi:..`\...........cE..............$..........5.!......W.R;...)<..#.P%a..,.d.*i.e.S:?.[.b..C...ta.N\.%x.==.=..f..Cj..Q.lF.y....u...uIb.o...^.y.A..s.K...4.Js)..pF.......-!.Ow.cG(..k2...0.....^61L....C...1.....]......L.X7.... ......Ms...AR*.....')H...Im.+.jW<.O.r.t../.A..~c.l...g *.......u.f.......%'j..=..Ou....V ....PnJ..7E....f..|..71...K..C^...;..e3..Y.8.......c..2...H6.&K.713.T....O.=.].$....&.$.k.....b.......D.2...as*...(...LM..#.b.?.?)q.....g.TS;.........[08..W./%...T.W.........%
                                        C:\Program Files (x86)\Microsoft Office\Office16\Lync2013_Third_Party_Notices.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):9299
                                        Entropy (8bit):7.975531447852248
                                        Encrypted:false
                                        SSDEEP:192:zwzbdQxrcnZuxewKUHHDQwNcvHHjBC1f4SVhIu8K4zQfN0lV:OhQxrcnZuxewhjAVC1Q7u8feGP
                                        MD5:5A0CB1FE64DC96BF38B4E347C220DA65
                                        SHA1:66366CC4C1924CDD7CC848ABF9B3CDFD37A2295D
                                        SHA-256:4D1F22CF3ED2C44981E1622394453A50CC0D62F69A9B75DC1F1A565B7A6AF311
                                        SHA-512:9C8664F1E5DC41C39F22464F8CA5500039A6E66C11953B53802789B4229039AED6116CF1E8B6CE6C7CDA068F21C39DA63BDD1AED1FD84A3BE270AD3C12108613
                                        Malicious:false
                                        Preview: W..'5..=...X.@.|..Y]Jk.A.7+r.L%.%..<.e2`...S... .....E.M6.....<....h...W!6.......8F(.7.!....s..I.V...@m..}.P..5..-..pLd.{.".%.....L.m.F....^..?.....\...z!.T..n._..5..... B:$.(>:.BA....e.^x..w....r.FMd....W...[.......G..W74..-..9...7N.e.I8..."..zDz.$.......j.x.8...,N'.m|...#.U j.6k.G..,.wbF.9.~_.E*$...O.V.=M..(...S.0......Xa....O......<....<....;.K...W...U. ...R)W[}`.%...j..Y...;....b...As.Pg.,....Z.@....rbz).B.w.R.......I.H........!VU.R......;.m..!c......W.....I.8.0...s.7.............$.="......=|..9.....0.........[.5V..a...x.\..a.f...4.....K..To... Oc..gD.......y.j....h.....<{(.k....@..6"`.6....r.x%.._>Y..X;..o...h...0.'...2.....q..w]...K..|.&B..Q..@..... E.f{3).yH....d...vl>..0>...6....._.K..a)...=f..m+...$.M.....!G...q..B.....k..>.p^.H.....y.].Y.9..1.r/..8.....g.AXJ.H<...lP6'...o21..n..1../....S5...?......L;.Z.M.&0:.y&....E.u.m..g..;..Y*?KM$..FH...".B.1<.7..L.../..n. $.U...d.....XxW..H..P(]..,..6.I`...J .|.9.L\.K...}'.Zl.+l
                                        C:\Program Files (x86)\Microsoft Office\Office16\MANIFEST.XML
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3742
                                        Entropy (8bit):7.953091602608896
                                        Encrypted:false
                                        SSDEEP:96:u4bFbZHIeq9d41b2OcO8z6nTCVLu976wGocs8jRri:hbZHIeK44Ox8GTmu97vt8jRri
                                        MD5:C786E8F85F7591E168D390061DF10D0B
                                        SHA1:A4469BAC0D2E3D55602BEA2716FCB756ACE6AC67
                                        SHA-256:868B67668D143D02B4239ADCF061C0EE2ED6FCC7AB8C8C4643D6AEFC0D2B9267
                                        SHA-512:C6A7AF2250A98DEDBB4011E6FB0A1BC20E52B98CA17CD6591BE7B8FB10107878FDFE36305B9EA2A7235B635A5F3550442638F77D899DD59C71CD4CDFE3A2435C
                                        Malicious:false
                                        Preview: .4..&ho%:..hr.=......_.q.......oB.Q2...D....=..(.>>..p..|C....'F...F.....f......#..c.V..a...z.?\.....2.5..jU/N...$m$.3M...l...g.#.)z.Y.p..........b.9...DX...O...G..'Ah..........p!..`&...<..Q...kN\.NuK......ZF1.......@..)@..l....D.H.....:.1.).cQ..Y.Zq.../.......E.`.......c....<o>.r..(...a-.....1~Q:..0K].b..D....{.!..=..*s..H..V..dg..Y..L.?...b..y....A.4.` ...&...>}.5/.L.\...yN..6&kuK..!..&..9..FN.N6...}..I.y.L.............H..2.....=.o.81..(.%.]...U;>..r.....j...K..Sw..*.b4....o|.g..^............$.........M.E..^.K.....H.8.....3B....8N#[.y.@.0....."3q..MCI..0...2|.h..Xq.Z`....n....q...:.Q..I\...`....7>*.[7.."\...R...WB.zo_%..>.va..S..h.f....o......./i.C].....q.Y..`]..:.~.I...5.W.R.R...|6.w...1.QO.......F.5.....9.C..IKzJ...Go.l.0....H^...d.L.0.!......W...A...\..Q..Ecd....''..S#..&B..v.C.@r....4.(X.{.D.;j..,..hf...........Er.....\e.d.....F..M.7\?).}!8"|.W.KG...Y.U...{.E..82Qq9.T_..f...^JVy........<W.3..yf......H.R...@........5.~.."slN!>..5......4R'}.
                                        C:\Program Files (x86)\Microsoft Office\Office16\MLCFG32.CPL
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):70374
                                        Entropy (8bit):7.997833298791969
                                        Encrypted:true
                                        SSDEEP:1536:mmJiCXV25GEJ7BCNCoFxCNa3PaMC7V7Xyl9CErcbgJP+ky:liubOVCNCOTP671EYbbF
                                        MD5:9AEFD33454DB49D64AE1774E440429E1
                                        SHA1:FA7D60F0388F6081418B08F7CA7D4B24ABFCEFC9
                                        SHA-256:6D002E6E4BEA83BD612984991886E630742191820595B76F169E27DB292BC9A4
                                        SHA-512:75FA953A1798CBD6707AC28EB2BC2259825F65D5D8A4E62CC706FB9D22B82F8E0EF5EBDAC94C28B81FA5A8A2011B7D8859E056168870D4861076E60D48D1D425
                                        Malicious:true
                                        Preview: d$4.`..`....x...7{..g..<z..)..aU..\s....{......6.x3..........\....7.T.7..x...b....0%...B.....d\zo...S]!.&...lt.V ...ZH.. ...(4s.G...d"Z...B...O......Z#.,.....)..Hk'>....\....Z~.X..e....eo....9.`q..M..[......K$!I.p.1.......v.%.V...\.1.}.........P.'.\S......j..B. >bkZp.......y Y/.i........a.@.[........'..q.p..;X..6l.]'I. .c.CN.2...H!.9n...Y.PF.i..q.........A....;...ZR(....X.#.I......v..}.\.9..|...nL....\...\~...[.+e;..F@r....[....@..B....QG...f>.X...Pfw..p/..yMr.u...9.n.....X..X..............$..........s.)..m..O+jpT8.s}n..9.D..0.f.....d.s....;D}.X..h.v..7}.\..*........W...Q*...r...kG..w......._ES..}...l......&...'.......*9v]..._.}q.'.t'.../..w..-.7..$.]5H.$.?.%..........bR.x....`.u....A....*.0...V...X:....o...W.@..g.Q.%. ....\E........gLaO.PC+..........+.8...?.9.=.%N.b.*.........Z.Re;.b%..S..bR"..}...1n._....)$.5.3~..h...&..Q.*2.`..B..D...,...2"...M...L.h.z.z|fPo...q....NZB_.1..YIx.......u.R...O!..........`l..*.....d..?.5.S..b.d.
                                        C:\Program Files (x86)\Microsoft Office\Office16\MML2OMML.XSL
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):156061
                                        Entropy (8bit):7.998897071153921
                                        Encrypted:true
                                        SSDEEP:3072:hDIaqn2TVEbN0G1fm8WjHINz5oBGIlBvqcgSkc5rGJWEoFYadh:hVqWVEZHDWjHIN2GkBvqcT5aqHdh
                                        MD5:23DA05F39837B0F2F20FE3C0AB2465C8
                                        SHA1:64CC2119DB5DE06A7CCCDBD90FCFCD6D30A7E50D
                                        SHA-256:6117BBF837A7B06CAD330F13B3C833BC9874C9D2EBC6C2C47C37413A5DB50489
                                        SHA-512:F5F3280719580F519D910E6293F0DC9322994B2BFC2FF6F20C17CAF3D0D07BB165E528AB0818AC704448C4826CB6E6D081D26D9741D3D5CCE0C6945180E6DAB4
                                        Malicious:true
                                        Preview: o.4..,.].[#.g:h.>....4..`.O..!.\..2.%..S..J1...Z.d..`L.Z'">.s.L...k-.......>@............!)|.!(]..r#EbI.I.......DY6b.5/..~..5.`.v..;z.{..dj......Ah[.[T..\D!...S..TH..r]s.l..........~rg .p...w.I....%.D.@bu.I.2O...|..l.k....-0)sh..Cr(X.q.>.h.]........(W$..~a..g\..9..G.v.......Mn.....u.5........L<..I..D.."..AF.|.<.b.a.&J|ye.Q4.IC/c.I.......).......|......./d....x..<.S...!..o.X..v.....)".#.p.).....2.G...6}$.B...d.....=.m.$....7.9.e..=.@...>...|.....<+.'.bB|...$.`.....UJL.1. O!.............$.._........Xi...4B....]...|.^...4.......i`\"...?.5`..1.?LF...E%..u~.L...D.V...&@.R.&......Fe......2..5......f.|......;sz...z...g..D...!q.(g..[....I.M...`.........p.M<....l..O98......?A...Y.....E.C.%.q...INf..:....S..*XP..,/.0...Y.......+....q..b...#O.:..@..mb.W. ....b.R...r.G..i{.......%..l.Nb2,;.6..P.u8.....H.5.\i.-...L..=.-.(.9s.....\.\.tB.........k....J...#j....X.............>..>.:X&.]..5K^.[.M~...H.%..;..^......Ok......t.....\...9..
                                        C:\Program Files (x86)\Microsoft Office\Office16\MSACC.OLB
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):694526
                                        Entropy (8bit):7.99971594000745
                                        Encrypted:true
                                        SSDEEP:12288:DZbDK8GNy9Vir0d9ox2olokyqcqSLm0m2nagUDIgLt53iss2ng7epSmo1dqgeCHm:dbO8t9wg9osUopqxe68oTU2noPp3qg6Z
                                        MD5:0F644E6335DC6D7744DCFE6DB2D7FA27
                                        SHA1:6CD3EE52ECCF938F7190B06D0640DE4C0B9F217D
                                        SHA-256:48EE8C4EF1407FD004E00134361BB30C78D5131BE024E8F2CDCF6DC60680FAA2
                                        SHA-512:D5925AF4F219F135E9C49A23EFC5D9D48B4E0AF8939F52C52D81B8A100033BEDB9F683E1C73BE151BF6C6BAD3AFBBEF7E11A084A7E7A5B238C296D4AB948579E
                                        Malicious:true
                                        Preview: .1.(".d.....\..zG./.........<.....Qi.t..[W...fX.%.e..X|..#95..n...5B3h..?.M.......x...f....- p..'{.!!l7..7...1x.<`..NT.ld.'.L..e!n.1r.[I.N..f[......HE...r...%D.....+....g.).,m....KI....g^.H....>.g....;.;1...=.....<...7...<.m.l...\..,a2....U.y..$n-..q.9..E87..B.l..&..I.C.R....T.5*....E9a..0.....\z5F.6]...+cg...X.C./zHp...y.}rN*.<b.....?v..v~...|..uE...g....T.r.5(...Hl...[g.-...y..>...|Q ..Yy.2.;|.)......C../.2../.(u.f..}..t\<..83...Q.~Ww.y.@|F o^..\.k...+..b.Q..W.V+.".r&u.[...`............$........,.i>.M..v......S....{Q....n.C..g.j[....A....pw\.....@..V.e5RV{..h.....>I.B~..|.~%............G.)?e...K..6'.. U...3..7..E..l..N`c.H.A.... ..o..j.....|......o.....(L...Y..7...I.w.K..^e..Bw+..;F9...Bj..#...5.Db.B*...".M....*a..'.....ML.1...JL.\o...5E.]...bJW<...*B6.....e.u.T.7....#..:..C....q.....=P.3..]v.......8.o...Gp9.........JZH.9...=.u....-3.`..\....^I.#y.J..L.LZr.p..2.7*...J7Q...}$..f..f.X.B.Z."4LX......dwNl...E7Gi.}.j....m..-......g..O.
                                        C:\Program Files (x86)\Microsoft Office\Office16\MSACCESS.VisualElementsManifest.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):878
                                        Entropy (8bit):7.731326395125618
                                        Encrypted:false
                                        SSDEEP:24:Fg0F3O0We0xW+CP8+M/Ef0fhrQMA/+n9AeoF0O:iIVWhP//E8JrQr+n9AfWO
                                        MD5:8F0BDE1AA368D6B070635D7BE888700B
                                        SHA1:1A5F1C785861EBD1F5318407B5F0DCCF007677E5
                                        SHA-256:6099F84C0A9243D53A3CD7A3B4EFA91F712C64736D2401AC79ED9A87ECEEC6BA
                                        SHA-512:0288EA6071E4E45B89C0F7A8ECA155BEBA980776067B5D9E1BE078C3ABF986CFE7FDCE9EB21248D977DF8F036948A8438A00E0B02659AD0A77EC37C8396252B1
                                        Malicious:false
                                        Preview: ....:.V.*HR*.dJ.w.rF./..@I..0....V\........;g.iC...+..e...i)z._O..F&.....eVic@.....n...N}..?'i....mRt`....K.n....9^..F.:.....E.6.4D....-g...|.L...Az....$.B.....OjF(oM..O\.q..,J..ex.+u.A.g...e.Tw..b.. ..N,......;.f.9.]F.<.&.f..X..W.{.1..D.Bs.o....{D..,S.f....v(tm~...Bfj.I/V..rHn...x6.F"a.......<..)%.&/-.........b2...T....v:..J..y......^.7.y.J,....D.NY..uf2i..9_....-m...G......[XM..amv.P_~y..s.w.R@yv..Q..BT?.:..%..f.2.!..\./.5Vk7..Y2.. ..mYW........=0..`Z.Q...c.)..z..K..:.h.y.,.,d.............$.X.........JKQ....l...a...........0L.;6_..m...co.c.w$.-.L...a..x...S.....Q...H..g.K..zh..).~....@..C.'......]..^.)X.7....{..3.?!....ct..E. ......N....{9.n......}....(.L.TT.1.Eu.n.n*k{..{.. .HX.... ..;.:l.&.7........\.^.&.z.+...X...*2.:...c..I......8C2.[..|......}e.@.T...m.......s...@........N.Q..w....Y.G..,.3I`6X. .A.x.a..R...Q,...8.
                                        C:\Program Files (x86)\Microsoft Office\Office16\MSO0127.ACL
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):13736
                                        Entropy (8bit):7.988125985019716
                                        Encrypted:false
                                        SSDEEP:384:YTu0aSj72m9B5Xs3Y9tfACVOVmNiE853cc:+uhC7ooHf6mNiE859
                                        MD5:8A14D8CCD51A33CE0AF8DA0A592D0B97
                                        SHA1:2A2BEF5C6E52D18B982C13DECBDD5576888430F9
                                        SHA-256:91F1B155332F6D724E75EB9C9C7EDFACD6E32914C36133B5D07F025C7E88038E
                                        SHA-512:5CB6C0C730227510F937C5CCF7E944AFE3FFFCB193F1234ABB46392437808B9414F09254FC4085136CF9DEC7A838CC2B065D294DBC24C27EAF2A07B7972C0F14
                                        Malicious:false
                                        Preview: W....&..z.5...#.`.6L..n.f....&K...7{.R..g...g..\M....t..7.o.B.;.......4y....(.s...P.|[.PW{..N._.>....../..>.;.]:8.b.3.......F.1.|...E.k.^......<...>.U.W.#z...+M..u....$9Xe..r.Gz.m[...$^..../c|.J.V#.O..?.......j..u...[.R.@v..]*..]6..|c....sR.3i...=..J..c.......j.F}i..Y.%..8.3.K._C.O.Bz<_@..v*..o...Z./...0t.[||.%..\..z...C.t.D.D........*U..r...5.......b.#)...qA.7..G.]...(n..h.W..H.....\.W.&...J=v...%P.n.e.......T.I.m.*Da.My....#...&..y...{Yc.fe...e8L.E.........9..b>..<...f..[...0............$..3.......y..[..........~xhz.nn>..$..'3x.F.I.BP..#...w..)(-7......I!>.Y....b..V.3.,.uY;.'..l....3...Cb:j.qo..&1..e.,....(X....,2..q..........J...`|......7H..:.+.T{.J%.?)6.=C.."}...k.@...7CY_..$MQ..m1.@....W....._X.[.F.............u.|d.^l.N0....9..7.S.?..{!W^!.#.D$.........}.2u.\9./....m.p.bLA&...B....wK[.j.._.Q.../zMtH.C.YF...3..k(.a....W.J..Y..N:I.9W.....A.+O.T..Z..D..U.D.\..,O...v..U.^.]*.V..q...P..'G...L..L.....k....\&.tOd3RB?OoM......v....ZB.h.
                                        C:\Program Files (x86)\Microsoft Office\Office16\MSOCRRES.ORP
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):19274484
                                        Entropy (8bit):7.999989499554253
                                        Encrypted:true
                                        SSDEEP:393216:2LEuC7Zo+xLGVIDfRo07kVFTOOakvqtT2uogtCbWaIx/yCBvmfVfN0FO2:2LEN7ZoULGVID5r3O+Qu5pyqvQkFp
                                        MD5:E0CA82D14F14E2FDB3B606EFB2F44191
                                        SHA1:00659E31608B4D590CDE24414D5A8D196D275924
                                        SHA-256:74BF65D048E51D992A09691F1237AF329EDBA821E6CC1E30C644AA8B7900D1AD
                                        SHA-512:161AA98067B12AAE383DF7CB3AD224B68303988DD86EE3B76D71C945B54D23EA2D91E4900651C38FB4661BE997577D00C8F6247DA8FF406822C65893FC6C9975
                                        Malicious:true
                                        Preview: ..nZ.^..r..i.3..[M...V.g.)...q....yU.E..IC...Kj.O,..e.Sm..&9..T..;C.*f.=....K..ic..MN.r.;..\s F..u...T..x..\...I...`.s.........W.8W. .....I..H..E40.U..j^eS......jj....{X}.T......FyZ,6.K.T.......... ..5..c.......[...th.;>S/x.J..2../.5..L...+W.Q..p^o.#...!..YY9,....s..%..5o....+..IbY...W.)a.......8..T.{.5..2.........P[.7....\.....}P.......m.P..4.G.u.......*b.EH. ..P.4wL... !~bN.bH.6v.....Tf..C....o.....zr}......3.......p).../...n.|u.G....+.'.;..eS.....J..S..m6.MCX._Y...%....}..............%2.2L....../2.4v.a]..Bu.Zpz.{........m..k$..P.!..C.....v.A<.Q....[u.3...Y...._8.p.2.:5-.lU...)=Cw.@?!...H.z.C.}..s.y5..1.P?F...Xm.y..{.;..C/z-.qX...,...."...c..u..n..HHQ..w^............H.o..Q..ob..-.....r.U.,t.:...Eq.^.....+..r......P.y.\B$i.D..Q|' ...(.....z.z.l|......I]."..".G.m..00./bE..?.._W?..%.O5..K..!@m.P% .;.........h....\A....]S.J......q....Nm}.i...R.FO....d..9.Z..`4>.......0..8........#.T.(....hD.).F.#...jc......{V8".H..u.<..?=|..A.}.G.(....Y...
                                        C:\Program Files (x86)\Microsoft Office\Office16\MSOUTL.OLB
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):425174
                                        Entropy (8bit):7.9995862227506
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:07B410F45A10B411363B098DCA3EECCE
                                        SHA1:1B9359C01E53736BDCE0AA369CB37326D1F9DA0C
                                        SHA-256:BD1C48F0C1075BD08C14BE833B4B6C82BEBF825F34F324A8054B51A6C205259F
                                        SHA-512:39ADB4FCB0F4D0B58AEC367F856C5B92916CD07742FF93238515C9F7243AFAD5575834AB3C513A2321498CBFF4250E20A77DD0E29E217B411758D9D451879C75
                                        Malicious:true
                                        Preview: -4...`.c...'f.YB....wa0............O.#2.V.S......eO.>$.q....s...L>.:t...Z7.F.r.95**.H.g..w....x.\.{x8..s..]..:.Jqz..ge.u5....C..6b...p..M1..r.[.:...*......f.[6.e..o..G..n.>$D..a.M....5$..o..jR`0.*|.v..y....g.MU.S..r.p.GU..G....1.D.=.......".c?s4...3x.....x.......a#...,...........#~m..:......\....... ..Yz._60.c.Y.....4.....zq..hB...<.."6t.,....{b!......\..$.t..v]E.E..h..a.....:b.....hB.r..k..I.^*.AI1.... ^4W.,1..1...'.......W.........4..5....q...]..Pm..*....x.#...$b..77N^.q...D_h.J:.k..Q..............$..z......-"....K...k.'$(...p..jGKA.?.MH2..(A.....^.....S........T_.-...t..(.;g%..E./O..{...........N*.....RR.C.t.6~.W.;...."qx.7|p....s..-...+.U.......=]i.....Pq.4.m....l.YIu...V. p4^..D../k...M.p.P.;...q%0.i.3.....A..b.TD6.w.1.....q.)+.e.......y0...&..A....j......i!..#O..].p.<%...&...>.......u....R...^,..&......Lc3\./..K...y.">O.....#.kf[...U..@...8..Z.~[..N....W.+.*.i..........$2....y.-.....:....an.@.9_D0qJEZn..*....n3..\jD.&U...-.-.cv#~..D ...W..6...
                                        C:\Program Files (x86)\Microsoft Office\Office16\MSPPT.OLB
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):428822
                                        Entropy (8bit):7.999553022017881
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:A797956D398FE14C5F69031493737C03
                                        SHA1:1D1B13275DBEF360DA7312FB3FA4F66214FDAAB4
                                        SHA-256:146ACE03FB84A6632C208790E92835E864DB402D002470B87428F1A99DD00BAA
                                        SHA-512:1DD94769A63BC06613C68F4251EB6E872F8ACFE0B43E18A3EC86FD97D09BD98F3C02BDC397E17FB05375D653246F5C0788347D993DAD35A691B610811212D39F
                                        Malicious:true
                                        Preview: ,....< b.R.%.aS.C.....`..].e8.q.&.L.w..T...%...k....{...%. ".......@0K.....J.7...^..r.-.......M....:'gX...p.`.$.._.3...*E...f.....-P...U....P.....B.T..r..kwZ.@... K).....Q....^..U.d.E~Z.W./.....yo.#...?P=..:..}H...j#.`./V...%k.RM5.)...O..*.......!..[\gc..\T..."_...G.....j..C9.|..g.DJ. ....w.@r.P..`2...zha....b."...v...`y....(..eY..w.......d......q.^?..SR.ml>n....,!..y.:.|aW.X..G'#NwpP4[>...tP.V9.K.eE.6.j..-/.?p........6.SM>....ye..(9..l.@'A.O4..0!B0{.L.S.G..:R...]h-.w\............$...........r.AvD^...~L#...A%[..p.............;h.......JR"..=-....._.B.+.....u.x^v...F..(U.s.X.+.?..1.L=d..'........K..)/.W.s./x...w.lH.t._.. ..........CZ.f`..p...H.....^.d..>....+.9..\.k....;..T.......Y.!6.........Z.....-....\F..Hk.<.WU5.vkN..B!(.kO..:$.FK....0...H....;.......".2.(X.s=KS............bhW....x.t.~[[.e..y.1...wq......".G..5..%...r!z.......Ah..':P....w..q.gIm...5.!..;.0.F....=..:...5j..o..^.T....?.....[..VH..$.......z.._.3S...^.m
                                        C:\Program Files (x86)\Microsoft Office\Office16\MSPUB.TLB
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):268938
                                        Entropy (8bit):7.999340976702557
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:92A3D4DA2B3F002C87BED5248B47DD21
                                        SHA1:E673FC63E70DD332D4280076E4B7A468ACEEBADA
                                        SHA-256:DBB54A2937F8F70CA31941CDDD7BB0058220CACDA196BCFAE8BFE48D0C92A5FC
                                        SHA-512:45EA31304D9B9131A1E0F4E5351BA3523B030CC3E98A4E34CA2130E10E798B5D2C55ECA93F8B4AEE8F3F73C51FF89E62BAB34666EE1ACAC51B5837029F920D16
                                        Malicious:true
                                        Preview: ....<.f9~..,4.?>....:.6.....S....@.2.5.Wq.F.........f.._.._.J9._...m.aD.....~"7.y|......@&..,5.l1l..1........s..K...Z.OF..Xz.^..Q-.f.........,...$...M5..(...6.?M.J..55zmDx*j.%[%......J6.L.%,n.....tZ...m....u0...E....O)$y5.b.}.EV;...y..m.-..n..=..\.......m4......yd.J...)...H./y..7.!..I.G.x......:z....2!..n.ma.....J..N..."!k.5...l...U.s^..N.0.e9.R....}y.*{7..b.>.-...`....D(a.....6.4.T.MS.J..Q.:...& ..|l..i=B.nh~NS..P..!I!....._4."..I...<8.....Q.E...P...#.B:...:....ZF.WG.....?'..~.. .*B.P.............$.t.......{......j........>^.F.-t.}..f.S.S..../CF...9u..~w....C\....{... ......C.....s....\`.&....Fa.cJ67UKIuf..[...g~+^....5\^._9......v.J.._a.C...5.q)..i.B.......dXkym#J.).b......\.p.I...^.6..t...yP.46......N....b=............nX..+5..r9.4_.....uQ...^....8..........=wJ.[.g...*Ef@N}.pJ..)......u.=,..:c... ...._e..P^./.W....2.............e.YE..$EU..ZMO;F|.]....z...Y......2&PB......W.ioA...,.... <..9.:X."j,yh.X4....r..b$..Y..2..)..pyz.....].ls.N
                                        C:\Program Files (x86)\Microsoft Office\Office16\MSPUB.VisualElementsManifest.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):872
                                        Entropy (8bit):7.698822580649009
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0258CE4A8E5F830B89A2905FC65076A5
                                        SHA1:1AC206225D2EE60F8C22DF91069E060A9911A506
                                        SHA-256:D26E1D4200163A04D6435D0578EC8F355A8E944B283E77FE62C42966D1949D77
                                        SHA-512:528C3A7922DB681D1F9C493461C7B0E297A10F0AA7FD22015E201B549752DC865564BB75EA548F8CF101CB790CFA9C7B2CB0B7BE5C5D5520A79B0E4E4F7134EC
                                        Malicious:false
                                        Preview: c....]Mc.$.m?....-.=A.p...j.HN.q/...=.#...@..9..I.I$.L...N......5.{J..Q...l.L...<K*..E.i.....x'o.b...]...2n=q7.:)6mO.......NQp.......h.sS..H@.ka:..V4H...HH-....}w..b&yV~..I'"n.......Q0.$.!.6.B?......@_.....V...-.o. I...V4...O..*...k]N{.P9.J'O.....57+.x.......Z0.M.+.~7?....>Dr]...Jq%A.g.5pX.2.n.k....dK.v,n,V.R."6.$D&..j....xy.I...s..r.7@_b].....y.y.s..6=..{.%...(...j......}.F..@..)..;...eT@..|.=)t..Uj.Vf.A....q|.Q.(;8.....;.,....,.5...H./&OW....n.r.....pi~..O.....z.."@.2'DQ.IZ.*.O....CE.o............$.R.............{<beu{.Q.hx..om._..../.....G'....N....w.2vp...H..[L..m..B...IJ.cp.I..~>....[V2......*.....>..Q!-.F.H..?O....?G..A($.U.A&....\X....<.6..q.#XD..{...`....K..........p._..x.....B.g(..ygx..3.LxK...R.E.7.....[..k.%.Q.A..8X.....;.oB;.@...k...D.....I..|. ......i...Lx.{....9v.r.Q..n6.hl.`..Ru..Y..K..U...hP...+)Y$-j.....
                                        C:\Program Files (x86)\Microsoft Office\Office16\MSWORD.OLB
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):928950
                                        Entropy (8bit):7.999813041931008
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:0175937A6AC5E2EECAD773A99A488605
                                        SHA1:B143733737FCC359B9F9750ABAB905DC0096F082
                                        SHA-256:14B42CC6B3CF98F79466E74B4348885221C08415062149884996C079EED607C6
                                        SHA-512:F22976C22911BD87EFECBFCA3CBD42E4A68749565F32969576D9E3C3CF7EBD475184F7A700D9FC0389AE87379C52031019C6A1F174255B4A72EEB17D52BF4E0B
                                        Malicious:true
                                        Preview: .t.'..;..Bw.)r]:.U.........~.I|yy..z{...q0...#.O..[.F.K.d....l5....u...z..w....-.9.`........Y..ju=.....UT...-..C7.L..[.]./S..5.e ..=.l.16..v.....R.r...7.d.....7..6.]....f.W.ap.o.._.....|eU..i.[G....._......7.....g..j<.....zu~..(......=.Q...[..}..'.[8.....sY".6....G......gn.Z."..i......I..&.=&..v&;.yB.Qu..RS#..;z^.P.Kli.D.E.o...f..........u.a.b&.3..\W...k._.k.1..M..Z..8..C<.>X......~.W...u....`Rp..0..T....`...=.t......P..}......G....(.%.#ha...|."......5>...D .X.&z%B..|..........T...,?.......w.............$..*......$>.K......=.. .X..H..H.`..8....sf2....Q.%.wB.PU2.W>0.5[..<Ala.).n.<x..mA..#......N.w.E._/..~{.y.Z.-C!.. {...[..._4....t.0!c.3.......i........F%N.q...J.]H].4....6.67QW..+....S+>..a6...-w....n..j......S|..?.E..?:.^u....?.Y..$....1_!.. .!..`..D..aNs..A?.\M..y..S.1..f.).. ..5s..b..E..].....z...k.f.].......`.?f.=...G..ge..i.@z...C:h.e.R.(g...U......%.E.p.s......s.}.....h..s..x.......]....k.m.....|j......V..&...g....&..AU.....3..%YDi`..Y.f.`+.P...!d
                                        C:\Program Files (x86)\Microsoft Office\Office16\MSZIP.DIC
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999831679976984
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:579C08DFE99494E50F57D41963115303
                                        SHA1:E331B5FB8D9C1080F61A3CD1161D81F5E13427BA
                                        SHA-256:FDC47880CF714075324AD627FCA44A80199FD5F0750EBE5B050855CF786D9C9C
                                        SHA-512:E372BACD11A6EB50CF565C96CFAA106CC42A4A1256F7CA0C84ED76889CD42E2E0F4D170555F2C126D3FCE98E0A5BA2777533C78759E5E3970D47B139C124948F
                                        Malicious:true
                                        Preview: ...7.LrQ;..;Q.M..Z.,.BPf`x.I.J",.Z'C...!.Y.......j...........&.G,<I>...M.....w......M.bN....F..3|PS.n...B.L.Yj......Q...,F.(..^..R.......9L..f.V...#N..\.W..h..Ol........./...)...)....u.L..0C..Y.,...b.H-.Ss.d(...t<....6E........1oy...O...PhnH.%...s!IG'.A`..^J._....H......x.T..+%..5.k.:Y'.. ..J..)....BG.<...#...Ug.o.....7].V....R.........!V.........S...x...r.9^lM.u..`..... .j..@.....^.kTB.<.z..".3.;J.).k..C......0.=.oS:.\.@a..G+.=a...8..m...?O.n.5....]...B...T....@..N~.?.'...;"..?50............&..'F.......r...@..r^.T@E.R>.. B.....L..$N...v.#su;..(k.....BU......?C..r...Y...7.Zt.Y5A..Rg.G.qO]'T@........N4.l..s0.7V...p.9..n....W?....2........f.3..e.F...p..V..p."...?(Qp.w.I.V.....z....9.X.}$.J....~..T.H..W......U..S31.$......b.h....h..@..>'..=......4'..F.0...(.51..%.Q../....R...,.tb...g.UIC`..A.".<..@>.[..gR..i8$..._DwK0S...P......0.@p.z......-...a.... .....k..K...r..i..E>`.]....-.....~......oa7.....]......jf-.-)..."..;.-..-..~...5../;
                                        C:\Program Files (x86)\Microsoft Office\Office16\MYSL.ICO
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5964
                                        Entropy (8bit):7.967533812125608
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A156D15855E21EA1743C018BB10C5397
                                        SHA1:D878207DF46358E86A85E79C425D006EBC6B4878
                                        SHA-256:414941EC72EAAA536D2F49BEE44CCCE7BA08B22825A76C8C48B6EAA27EF80085
                                        SHA-512:8BCA7F92CB44D83A574BDF6D923E44D3F04F7271D69A77585936B4E14413E3010D95EBE24649BA01E9E39FF07DB36318A25B0220DBCA7F6B757D1A22FE2C0BF2
                                        Malicious:false
                                        Preview: 1...zR.zh... A0..5....kB.<....H.......~.*"...W.a....jV.5.5...o..*xHP.?.L+...&.H.....w....f.....~..l....E....mO..c..........N...r..:)'..=...j.........N.~...h..._..3..F...(.X.p.xj...d...>..j.'Kx....Aj.. ..L~.VdWy..F.k.L.k..}.31.....^ 4...W.t..K.A..l.<..s.......,..7.^.,.Ys........].rT.,.Qb..?[.NS9.).Fj.*qq.. ..47.....Zj..v B%r..aF}............6.m...F.T|we1..r...7..(....V...b{......b0.)..+"..&..'....+.I..,h...P...T......_^.../."............5.o...F...K."..M...!N..{=Cs.{4W........6.L.{.D.Q.............$.6.......=@......}.I..q_2Fp%.* ..4..r.8..}.~'F..;.....ef....<.{"...\0.!.U]...D#.......;7.P....K..{bT.z..nX.......,.a.^t...tfI.p...lSx..J.[.....0.......q.I.x..y...=..G..b{..%.?..)=...R.!.....t&o}m......1-7f..t.%..y..d.....l....+o.B..(..J.....~.._?E\...M2.e..($.q.$y.LJ...#....T8...1..`...ou.i7'...z.\....._B....5.Bk........!Yt.0..u."..kXBSQ..9...............%..}u....Y...{=....:~..|p.]......|\/..N. 3.A.*...{7.....3I.}.?M..E._...,..-.......3....AU...aS..s.q.
                                        C:\Program Files (x86)\Microsoft Office\Office16\McePerfCtr.man
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):19050
                                        Entropy (8bit):7.989159092587099
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4CE16B490B99F1DB5C9532F178899ADD
                                        SHA1:ED8D60D2CA936CCBB06ED2ADAE49FF0F67A01994
                                        SHA-256:CDB48A00F21E1E05F2677E9FF5EBA090381274650E73CE49EC1ABF37D4A492AD
                                        SHA-512:1071D97D4C04DDA064397B77498658ECB020B2338FF4B01C406C9F9121831BF8145E23AEAC4C126ABF82086B26636875BFA1F566829B6EE19866B97C1FFE3515
                                        Malicious:false
                                        Preview: a.8..w.>U..WZ.....<.&y3..wc.N..r.."..y.==o9.^PP.."s.J.I>i..kz..*~.L....C.DyB.B.S..B.;..t.aC.p...+..n..C....`=.k.E.."I.a.I.i..N.e..L..S..rr.>.b....P...cH..x.!c..^.....>...<!...........Z\.&..Y.....>.t'...R..~a}.D..*|..&.%;..=G$K9....h..oj...A..A..f7..Tm..G..{|{#2....{.>...c.r".Y...5..4y}%Oy...3).....{...o.S}.$=gt~..y.h...D.f.B.,.Di:...\..#zX.-...'.O_.....'..q...c8j....c.i..3..:.V.8....#.G....T.)..K.......z...b...L@.k.Ko7Q..o`Rb7}y'..i...34...p.-.L..Np.....Q...a*`.|L#.5.=%..4.h....S.. ..............$.TH......k..j.-.....P..n..........V4.C..gM..rI.6J._.._.p.r......:......e.w...hc.X./*....*.......K...t>...g.....oX.....<.....u.+..O....D...7..r5...p)..x.v.f.*.G.].!.G.j....d....No.].&....o..?u}`..c..QT.\yO.SSm.........7.....`.I.4..J'.>..l....n.M[8..:....&...AA.N3............j..Q.o..P+C.w......._$wD..&.=e..}r..P).b+...G..z..?g0./..V.z~..!..3=...B0I.$../.....E..............V...N.,.!../.mnw..~.Z.M....G.%..E..I.I...9....5o....P..N...^.(.. "w..
                                        C:\Program Files (x86)\Microsoft Office\Office16\Microsoft.Lync.Model.zip
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):87133
                                        Entropy (8bit):7.99774255273322
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:D7467441AAFBA990089F9AB3DBFA9959
                                        SHA1:FE80AEE09D57A1BB70909C13625F10E0E846D347
                                        SHA-256:76D582115316816390BBE257D0C5AC95A8E433C997EC236A1FDECC1C86F325A9
                                        SHA-512:5CC9EA6E3D299ACB918638D8ECE44FCF696BCAD3C714BE9024AFE99C318D280F10691747F39C0F48BBC33365D4A23A30AFB4317BE50A6CBA116DC7532A6796D6
                                        Malicious:true
                                        Preview: .\..6...g3{BhD..k.....p..M..=,(.bUY.D....I].&..d...yd.$s.!\.a+R...I'F*....,.9..b...x.cj`.qh....E.8W.....i......5..._..tW.e.h.....h.=\L.%...`..o....8...N5Cc.).ht....0I..).. ..mj....!=;y..Jp.k?bO.h...7...I...ma.......X..8%..0.)r..<`..%p-c.~...<.5....jy..m/.u....8...........zD..#....S.)....6`.....5.&........8.P.j9..\e,3..K.....Vmb{7..,.V..&._.yJ.|..+...9..........8N........9..Z..K...1..oN.4}...]Cj.n...F...r..n...2.w}...Y.).[.6W...-....V......T.._....6v..Fd......~!Z..b.....%...a.|5.T.............$.GR.........]w..3..%....p...<..Ak...#\.........r`nisE...L.~iA\&G,a.....Q..V..^*1....R...a..x!...GkpS.dD..F,.J<.6/k...,.t..I.jY>..j~.mWI.T....am._....0*..'.`s.?.%L...DL.k....[.B..}1|]*...-.R.....G.^.^X.gW./H.....}.....uU..........Z.M.H.o...v.zT....+...g7.*.A......D57... .0..Z...d...QG..oa. ..b..j..^..$c[J.M...n..r...4......i..T5...(..>.W.)..+r....o`..f."&B..txE....RU/..=(..k......'.l*..u.....HH.].^.......'j........>R3.....k~b.DH..#.5...D.q.`..b..`.>!j.
                                        C:\Program Files (x86)\Microsoft Office\Office16\Microsoft.Lync.Utilities.Controls.zip
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):29322
                                        Entropy (8bit):7.9935639025348655
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:56FA45F8049A1B6465FC546CD51D9B90
                                        SHA1:1D4AF6F38DBEBEDA3AD83BADD294341709BEE835
                                        SHA-256:5153548C258DB8C9D7596494A63D2CE61328208DC67B13789E04E36E1E2F342A
                                        SHA-512:F4F226592DC734D30C20EF93FB7BDEF47E26A65F8B3AFB5F72DFAE7DD41E8571CFC3BDA084DE79532F953C6697680F2C69063DCE4FB481575E272D1DD4D49761
                                        Malicious:true
                                        Preview: ...V.......+..v.[Sy{_b........mp.mCpA=e.S.n.H........2Y...rF.c.@EZ.%....fv;!R0.3S...B.?vY#x...'.@.[....v...p(A`(....8..."......b'...wS.P..c.vC8...ML...D..}..ex.U.D.+p$.8..8H".\e..k..z.B..jj..B.Y.mQR)X.8...k3m$'.)..h.iw%.G.S.....Tp+D.2=......%@{A.S>Y7.GV)...".z"".9.Lz....K..t.7....i....6.Wp.....n.......k..r[.QK..l(..f.Hn.........B....|).....R|^..W.....R.[...t........e...aW..|..y.........)=s..f...:p..Y#1#.....rV.............C.i..I.....=.P...*.`.j#p$..o(...p.)....j.....Y.b..'.pM=.3&............$.tp......P.a.....~)........f0.s..)g<.h...FG...t.zG.P.Nn....lN..A1~.oe.[.u.=.....N8.W....,.;.$.+....\s.I.......=..)~...K..1........N.G.mR..<.nGE3...w*...8*T..0-.*.c...h.8^^...~a.0..W..O.........r.\....=...>.Gs..h.u3..I..uW../.j$.M....H..z.G...~.e..0...'...=....q.......U......}.,s.a.-..z.i.{.I...Lp..y.u.a@..Z.. .c..'.<W.#.M..)#u......g_.b.B..E........&A.........]...c.U.....N`.Y.M["......2~...p...M... .~...;.D...:|m..&l.ES.2.....$....H...?.S.....1.{.!...1
                                        C:\Program Files (x86)\Microsoft Office\Office16\Microsoft.Lync.Utilities.zip
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):71027
                                        Entropy (8bit):7.997478262504019
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:C706EE36CD334A8532E8B0C5FD772AD8
                                        SHA1:DEFEB0F6F7A7A7E138728872D0F0F54A57B83387
                                        SHA-256:DC8DB21B08E16FE0318B036FEA0903133ACF65471C0EA24E953D1B3BF36528D1
                                        SHA-512:82A9EDC9624DD2B8F71379B98FAC3EC6940A6464124EE3E60E7CA9125713815D7146F0F687B42C2619DF522B86AAD44768483F0AF29A9154AD8F4F4EA40B2F41
                                        Malicious:true
                                        Preview: ..3.!.Sg......j.R..j<.5..#.....N.g.`..X.oiy..!:Se.m..~...91..X>...ss....?.N.!3F".}......Q.:.......y.@>.-.....T`...&-*E.a......I...1.9.^.....\....9x.K.>$.gkW.I.x.... ..XY....v.....q2.2h=.....].U!........Ii[g.{.L|..&W.;..[8.+..eq7.v8R`....e].KO.<.h.O.g*.....4..].....[.C.v&..`...ox...3.).U9..b...E*......O@....b.....@qD....N..e.K........W....q5...JI.@g..'_..........$.<......AupM5 .^..E...Kq.....uo.Cf.j..+.Z.h....e..4..GM....D,._.k3...n..6..........e-|vI....?.......O.i*`6.......6..]...g..K................$.]........">.7..J=^F:.=n.K..*.uIRi.{.......e...q.&y..2 x].v(...........V.ZO...-)...M[-..C)..;......6+..i.m..{j'..Ht-.mA..r...%.9.j.../.?86.Wd...._.....M:..Bi..:....$..,..^.(......gt.RY.T9.h6|..M....Q.....^BX.:[.$.D..e3*.9fP.7../.a...x.o.d.m..m..z..\@.,8.._.*.......\e.z.8._w.e...QR.A.i......9...K....x..;&.+1.p{..6..dmd9..s....(G>.2&.....+B..C...fg.Z..Z.9..;y%V;....msi......?....P.U..EP..I....vtr..a..kdx...ls..~....7S.....w.9.......e.J9.Z`.7....)
                                        C:\Program Files (x86)\Microsoft Office\Office16\NativeHostAnnotationApp.xap
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):288444
                                        Entropy (8bit):7.999375256409517
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:6FCD8016504311A35BDA7A400DC57E71
                                        SHA1:3F02D9DD4B6829EA39D5C432CA9F46625C04237A
                                        SHA-256:0908CB86C7D187AE16328884DF1C6E7834BE83B4EF90A15691C0C2873B28737D
                                        SHA-512:83C985B8F50A1D764A4C5C2B92EF0AF4CAF393962DA346CC78151FDAC6DAF0CE335957451ED2C9C8A8BB018C8B25BF0FC94A60B0E6A32FB94A608DC3E6B553B3
                                        Malicious:true
                                        Preview: 9...,........d..\i.}!..?#....wrp.-S7/2..D.EAc....P&I..~.YF.."<...wx.....Rx...*.F.B.Gss.....3s.G..i.y3.O...8;.......77.y..0S....l.|.c$.1t..C(j.........0.t#....T1.H....`'`............j6..7>.~7#.........B..a.CE..0.0.f4...T....H2O.5y.L*.'.O.B.d...P...)*...D..iaz..5...w.79.|,(...P....K_.n.O....e4XKx...R....F...fQ.?..V..w..oT@-]....q..B`.-m..O..HZ.x..iA...Q....l...V.7.a....t...E..@,..+........3...._?....5..r..}^N*u.9..z.S...8d...........@.4L.Pb.j.........}.M.....#c|.!&.n."...P.L.c.To+5..............$..d.......:.XaHo.B...5W..8.&.....A.......Li!.A1.A.\EzMj_..T.ai}.......I..GR..z....S.UU../..^..M8.......93...?s2..m..X.0.w..8A......}9.+..i@.......L.nh.#.m...:.Bt...[V...:H.....D+Y.rFX..X.+..,.Ns..._.Di...Fd*......=...sm.l...T....H.J5.en..).0.....9.......4=.......f...)...C.?....S.l....s..TlD1..{zDG....z.c....0.Z..C0t.\..7M.....X.Z.u..9s[...dI...G.G&e,h...NT>j.[..s..`.. ..j.z....._b..y.y..]+hoC..<...V.[Q......B)..`..(.V..p7....d..?....:....aK..qks.$.
                                        C:\Program Files (x86)\Microsoft Office\Office16\NativeHostPollApp.xap
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):108811
                                        Entropy (8bit):7.998094554476541
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:3648DF7306E365514551FEABF9A53AF9
                                        SHA1:BCCB25BEFAC720CF77A76F4CD6761E1D591D3D60
                                        SHA-256:C87E539EA6A4025D23D03E12B125CE159342385A67F978337128473B8D8916CB
                                        SHA-512:5D2E0DBB3A076A8606C780D7F56F9055EAB71E1EB071BFAFBD59C6D57B95ECA431B3113417DE285DE7530A94C35AE8FD58CAE5D343E5583EB8DE299EBB1FCC54
                                        Malicious:true
                                        Preview: ......*0.>.%...O!..?.aI.~..........1...p...;..Y.x!...D..w4.U.......8.n....%[G..=.U......S.m../.w.K.tvndw!.%....!.....K6...7.3..1W/....(|..)x.l...U..-A-V..]...^.....gN....9...5.d...*D....q]\m.J......F.@.s...r...}.....Y..N.-.....R.l5^...%0..y...R..8.@{...j.h-..;.../..d.n.j..C^.8].......<..K...0.,...^.:..r...J....1n.>H.4.....0.....y..y.*...6..\s*.R.........H`3..E......j..h..4.....gv......g..Y^..}.$......L,..H.g.........b..-.9..y12".....Y).m.x........e.....+^..u>2...{...b.Y...|............$...........,...*/c..s..E,..2E...q..'.q&..{5.......V.F.g...!..F ....g?.k1.FB&7.J....zL.&KY..{h..fc..K....0.o.H..'.....-..'.......0..N5z...i.3.........Xb.,,8a...".......k..Q..4......1.B..D^.:J\.7...2]......71....;d`.T._GN....x.+.Y..e6...W>..5..IF.Z.....k...j........m....l...Bn...=.L.a..H}y(.....x..s.N...,...Tt.1Y.).....,..9..........)<.f..d..[M...dS^..G..,..@..~o....H....f...X..y.f`..p..]@P.-."~%...a1.T.Jb..(....M...M.....{........C.%...u2.7+...,......
                                        C:\Program Files (x86)\Microsoft Office\Office16\OMML2MML.XSL
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):95442
                                        Entropy (8bit):7.997609952371052
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:94B6D3C04867A4EBE4D53F3568280E9A
                                        SHA1:5CE410222EBF17DA5C8B3E630ECA870F4F70F879
                                        SHA-256:4F9CD21B820F0217BB9EAE8791E750105C78CEAC9536B1D0FAEC95A7CB344B0F
                                        SHA-512:3A143B21C1B03E31F8D8CA030491F09FB544E8C82D53ABB020C0158E817FE4657798A9686047470E6C606310D60D6EE53FA636E9ABE5AE6AF2F55E2C6211AC34
                                        Malicious:true
                                        Preview: ,.v{$..|.>.ND..#..Ch....oa......m=..k.Z....i.Y:....`.0G.z.,..9hE.t.Hw...m..b.`.X.... 8..q.N..@.....}fL1...M.....9d.......n..s^....o...../... Z...&......%.D.h8.H.[*I....%<...o.@.%L......".]. ..GO.[.v..}k.b..P..Q.@....F.@!...F9....kb^bZ-.....5...S.P.b...k@N..p..I.b.f....E.A=B...J......{...X..]..O}I...G.K../6.8.k.l...[m!....\...ko...A.a.w....]<.5.....<.....Fb.%[..D.7...[.1F...<mq....3...t!.=.....8.f....zf.j..~.T9..T.7.u.I.....U...$d.\.....P...@.v.|O.*!j.%.p.]9..D.KR..Yto.......024............$..r........Y.E....,y.<.E.mW....TV`..4o4E[c.*p..5...&L..h\..vr..M.g.Q.@...k..03.K....(.W...V..3..';....}.~...MM.......(..\#....U.*..F.J...d..F &.A...u.&....3~.f....+.V+....e"...4$.{[.bF........]...tN.}D.!.......2.;@Q..g...C.R..B....~.F..%.}F.@.....F.T.C....|@.(,r.KIc.=B..U.}I...[U.......YBm.......w..|.B...o{.I&....cgg.-....W..t...G......=.tG.).@$..w.K.ze^C].u... R....p......$.Qzd...@ZK...~.m.U....4.C;W..`kPU.!...J..s..S.G5.>$=...,.%.Uc.x..0
                                        C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.VisualElementsManifest.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):876
                                        Entropy (8bit):7.72005353592998
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B44FFB1E635BAF08E712C988B2F1BED4
                                        SHA1:52AD930D555B9B21045CCC06E1752AFF818BBDDD
                                        SHA-256:D4AF13510D904D534971F8CB641D20866BF38A95B87EAED37BD9E3FBD0A289EB
                                        SHA-512:AA8F601BA388ED10135F588A8BF0F2E6FC320BB838CDF84D60FB83A6FF2145B620594E85B36A6FF923748FB29162C77C25F7D49B46DC98152531FCD085089C3E
                                        Malicious:false
                                        Preview: .......h`......*.._d.F.g....V.4..#.h.i.g....g..UB."....s.B.....=...4d.i.........n...#`.`8....n..._!?Y..}...p....oB.Q.x...........I-........U..#V.F+R..q:...q...v.O.m...7"A...C.g..)..].=P8;..|.Qb.3o...{Yy..{<..u..Y.9r.O{^........8|Q...u..2_p.~...F...J.....|X..._......h..,...!d.q..N<..y)........w.......io...OhJ..\...`.S[...UQVd.A.tV.f....m6.|..6.:.......;.y..y.R.1_.. .._..4........X./.g..H....*&X..%.{..p...Q..kV.@..........N.z#......5_TvN..!......L.n....r.i..+...."K...X..............$.V.......4..k_Y..x.z..n.......+.......@)...Nz.}_..~KV...3]..i.@...aS............e'VK...K."L.#.;.5.....5....R5x..;.Bk-.5eU{.Zw.G[.NM.. #..(J.._r...x.........e...kl.{.b).Fv..h.{..kp..E.:...Vk...!...A_.~.s.k...-.p|:...V7.u;K^l'..n.P....A...z.}I.,QK....-..".>.....MX-.....p...L....)....8.....#8.h.f.$_.KF...$.RS...I...G.H.`...U......?..
                                        C:\Program Files (x86)\Microsoft Office\Office16\OSPP.HTM
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):175062
                                        Entropy (8bit):7.998863877804539
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:56E4F4CCFBA37B59BBFB2954FA9CA426
                                        SHA1:504CAFC81C0B437C157BE3B400B3B7D119AE8ADD
                                        SHA-256:D4C4FC19379B8A931A5F03BDADABD4D1D01A34FDF6881388914A3FE7B0B1CA0C
                                        SHA-512:6F07638131C0960C95B046B797440AFC3F69E5292B4446FB0752F62FEDA1D15F87FC38AD46A3318930112AC371010D6240EDA761AE95B12AE102A51C2833CDAC
                                        Malicious:true
                                        Preview: D.+.".Z.H....e..%.,..d.L.#KfB:Me....Y.h-...J..R.Y..s......C.z.._..quq.'....7..c.tb...A.jl.>....w..G1....?.r...9T.a.:...Z.L.))."..B/Xo+..O....{.<E....q.v...j.F...A.f...."..H.. ...{....~....r2.5..x^.....K...../.q.`..|.....?...?/...!.6....t..V..)|Qw.A".R.....-\.....Qz>...I...$.a.SK.K..7....>...wV.C.\_..."....l.........<.>.....(..]...&.....W..:Y..j......l...w.J.\...j_....R\....d..~...enr..%..`e..nC.n8p...D.N.G.2..9.v..8V."%......K........G....Q>.S........f...Q..3...}..V.......O.............$..........Fv..f...T.W#.e(NV"..v.R.......|b..n..:@1..'<..A.!....2F..~4....0...f..H....<G...Kxu.O....\.#.......%.._..e*u0..2..'..8M.8..^..PP.G.#tS)....W..E.f.gJ.3A..N7.f.+u..n7.Z./.$....y..v(X...lv.tM;/..I.)...t...[....J.].6h..j.w.c.i.....d.IWw...R.?...l.F..U..5..A5....f.*.G..B.T..3..F....].V.......`....o.0.T...L.7..j.... `=Y........P%.Hs.....%_.t\...a..iJX.\B.H\[..r/&[...P...K...l0^YIpj..r..IVBj.7.n!...\Y.gml..9...U)...&.>..\.D.....|..(j.b. mr`v.{.B.6...
                                        C:\Program Files (x86)\Microsoft Office\Office16\OSPP.VBS
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):92421
                                        Entropy (8bit):7.998441560291399
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:6CAE64D4E7CE884FDC50C20509D2D32A
                                        SHA1:494F2A43C3976140427C5A1FA27E989499507FFE
                                        SHA-256:ECA2517A7E99E6CD1397049B120F3708C0EDDE2F8BA6D908808F68D3BCA36571
                                        SHA-512:00BA57D6227B2073603D1C936C72AEC0472DFA1A61B9485BCF0857CE975D4F99AE4133199B5360186B5B0EE7805D5888720523E01B9E9A55CCE2F0A79DADAAD2
                                        Malicious:true
                                        Preview: .9.8..`.K^.L..kbI_\dn.MWq..$.Rs..d>.L}.........bf.....+!.E4.8...i.3bSp.>..."8................'o.t>..T.Z.X.Y..kh..}....#=..p..TB?...! .Y\......di,..b...WP .QK....d!....:..T..k+BO[.G.P....^'.)...}EYR..R{F.........h.Q..&r.l.'....w.A=55.b>..(................et8v.k..cf.8@Z....{..yr...^F.....v..P1.\M..Q......a...Js.$.um..4.j.....n....x....z...Q..a..Iz!.sd..Z.L"..gQE.J.".mk..`. ......@.9.P. ..#.~..+c..o.......hcff........k...f.....m.0i^xC+o...O....3_/g.Tz.......=.(.I}<]b|.HX}./z................$..f.......k..eKeA.>..N..`...s...o.R.&..3.%.fw8......'1t.9..ed.(..U:Tn .^.F....A...J.k..p..q<..2].1.S..Z.L....-O@..FH{..G....]JH...EC].7.W....-..m.....}.*....R..]3...E.m....7.G&M0.di.f7..h.......pT..Q.W@z.A.'........%...m.D.+.{.....=........f4.@.9..A...*.....R...!~..m{}v....W@+....q.6r.u...3...m3.........Y.(......... G0...).../..L.w..&.O.>.0.u'$..ui....b..qO.....s..5F..x-(x....?f..Y2.+0...)e.r.h.....D.=.eu...&B..GKL.W..%..W.....F.6...]....".|$..g...
                                        C:\Program Files (x86)\Microsoft Office\Office16\OUTLFLTR.DAT
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999816255564302
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:7887EE9E6D564B627C79CBA2727E4674
                                        SHA1:EAD2FE2BBEEE932678C3586C203670F376AE630A
                                        SHA-256:CFAC65E3F2D12BA02C1EF0B66E4C95B74665F0C7C9568389938BEC0D2646F5C1
                                        SHA-512:F38CCE3E77E4CDE1474295E310A8C5A2777E3133A55B895FF094485BEEFCCB20B39A371D5A5318FA5DAD3024B55027E9CA157F692241E24FC323ECB3EEFE1451
                                        Malicious:true
                                        Preview: E7X.RC..k.........DW.jTyF.$...5.6.}..0qE/.]#.._..o..O`/..g.dC.&...A..I.+:.j...^..z...........&P}...1.}.s......v..]94?./O.......RQ......Pk.RX.htZ.%-F...b.o....X...|.[...GV9..A.;.../.Y..4&I0...M6E.V..^.V..."."..i...e..AqG......%.,..uA<l|yj[.....`.n..Qmd.{.h/.V..`...Y-u..........\.a.....=V.=.2....L}|..V|....8*;.b~3.6@P\.U.!%3o..^B25.. .t?f.G.T.Z.D..y.W..|p..9`.......w.7$....{..#t.l'...zni..'....Q.+.....bhJ...^$..g.'.....9..20R.?q...W6.k....`.g|.E...l6.....K+.8Zj.o..E..]l~...8..*..;..%............&...7.........y]..8.......:..M__..7....v,.[......iw6.*.m.C..M6..#..q.X4.|.....p....F.$}[..=F.;J.T...).L..TUS...i..E....I..7y..Q.<..Z..3.o&.q..a6p..DE..n.)...KX...._...(.c.#]..kc.K..8EW.82\=.W.f...l.3.6R...m.;.n(...`....t..]....|wF.........1./B.Y.00.y.L.w.K...2.|..{H.vs2U.+c..).gP...>QQil...b..._..=....?MZ.E9{@w..kT=.;6.K.......l..(..H..-b...F...ku......_.}'....icItGmX..z+.S_t.....U.....f).b.....|.S...d).K.T...#.....j...v\...a..5.H.~....j.*..q.
                                        C:\Program Files (x86)\Microsoft Office\Office16\OUTLOOK.VisualElementsManifest.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):876
                                        Entropy (8bit):7.728983451315055
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:47930497EC9B2ED255AD4F54CAE98143
                                        SHA1:3F6875ABEFE631DED3AECE17A1805197CAB47765
                                        SHA-256:EDA4B7D5C285961917E52FD5BDDAB7CD7DE5656DE395322F9938F3F984CB5719
                                        SHA-512:C462A2CB3E6511E68717760CB1279ABF55FEBADAF1BBC3AE5F033830CA30029F8569FB5669692987A580AFCA0E98A8F32F494C245C5E3024516AF86C332FB3C3
                                        Malicious:false
                                        Preview: ....L....Q....J2.:.X.V.Bu.N.E.J[.^..e..O...q...].l^>..h.7.H.v.....UD..E;..x.....%aq....]...Q....e..V..F...P"....@U.P...Oy.]?.q.j.E.....y.u7.g ..f..X.7..H..C.;.G.|R...b.x:.[..S.....CbC/s...2._..I.+....1..JLB.e.'...I..a......C...A./....;..<...C.......'C8...Lu.=.j.B..H.aD[.A....YZ..j..j.C......K.....z5B...C.fN...........`0MD.1..._.C&[{.D..h.....3N..>...#.].F..*0.)..;.....1....J..P.f.E..y...D.B-..d....}ml@=:.....K(.l$...1.~.....b....Q....H..[.M.5.V..c..;..R.Zs.5M..xM.`O.V.f.X.X.T`..d..6.F............$.V........... .d.Etx;>rfG...>.>MF,...q4z..XN.d}._.......e.M.1.]o..o.$.(|k.@....kM.O.s.L..i...o...X......K.+.F..0{>..DS....L...G.c.Y..W.vU........?.-/....g...y.P.q.....y...p.......r).FE......M..m#.j.!.>.T8HR-..R.`...0.|..%Gb.....f8...i.X.d.Rz.".........c9..2...?<..2.<.EV.....K.>..*.t....A].i.[..0.b5t.,`..-.]MME.].9s..%...*.5............9
                                        C:\Program Files (x86)\Microsoft Office\Office16\Ocomprivate.zip
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):88881
                                        Entropy (8bit):7.998329966240605
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:87864333B9F25DD99A8E836B926D4B29
                                        SHA1:D59273E1800E253BE93D43ECC1508D425FFE2BA0
                                        SHA-256:B725834ACFF09F1F34448A7939F10A1338EABE04FB5C766FB57364AE63EC7CB2
                                        SHA-512:1620794505CA0053C874D00ED12CCB7A9E299F85C6E375BB949C677271C63445A7DB7FC7C1C37AA5B41CD318AC876265BB48B744C6FC56D5D59D513B41341B1F
                                        Malicious:true
                                        Preview: A_...'5GX......r05z9rSF.[.<...?.Z.~.n'H]......-..R..,z;X'R....,.2...;.....L....D.....g....6./n..ve..MHvr..P..b..=.Z......(r.%Z..}...8Y...64....e..,.J.N...g...>#.u.F.'.~<A..G..#...bEmSU.]..K.... ..y...NZ.Gu.!..Qh.....iG(.V%.Wv.j...xF..../......z.K..)......~...*.&...,........,.....J...zf..+O.K..Z..A.0.}...e\P.*..*...G..f..&.7w..a.C..!v2...D....j......J.....<.v ..e...o}.`.....f....{.X.Z|Q.+.;..b....I$L....]:..A..$.q.A1..Q..;..+..8.\.W.....i.ej.`J.K............VD.^.....].9.s.....7..a'^............$..Y......g.3...d...,TDz....sI|.....|!..#%J.....pO.sf..\.....`Q.:|...&..]...:..y.......%zT.k.'O...X..\x.u..,.......W[...~...,.b..*S..#.82..L..U.....7I0#..<..X.E..B...|..J...b..k..+..h...B...~.....uy....t5...2..OZb.....@..B.|.H}..L!.W..,...kW....R..a!....o..o...nN........9.3*.....8@...Pf....|b.n.\.y.y..n.<++..}r*..`...pY.Vc=.Z.gb.`...k9..(p.x..U../........f.1...+.........L4...b3...9."2...*p...<........Nm{*;.$.y.+...B..5W.S...A.R.G_a..[.+.Y...D%%..6..M8B`..h
                                        C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.VisualElementsManifest.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):878
                                        Entropy (8bit):7.742695349055812
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:77C4CF217028600CBEB43AA09F98D6B3
                                        SHA1:FB35FDA1883154702DD2F603865E4EC87EDE37B1
                                        SHA-256:9507F1FA51F1244FBC7FF8F0F6AA625595E5824674084C220FB69021A76CD732
                                        SHA-512:C57A13A9355EA0B0E45C5D8F644299BC6344418475ABAC63D0CE0FA24FD264E542F6E2FC106DCA7B60754C1D884A8DDE04C5980786D968436338532B166F7B6D
                                        Malicious:false
                                        Preview: .P..$..4\+.Z..x'...k..p....=P."......0|..a......1..i../....w.?==......n.-.JM..B.....$H\..~.)....$..|=qGDd..(..].......s..R<5G.M.Mo..1S.Z_............-.h.&X.p{C.,..K.+...E.D.0......B.(.*...."8..!...!..... .&.;`..v.....D:..-..5g..<...R..;..fP.U..z...`.J...E....=...b..c....v......<.^....L....*...~.!....%...U.o.1..j..z~`.X^L.}.1i5.6-..q...A-}..z...`=.@..8..B.P.)y.#.....r.a...t.E..........I.....s<.W.xm3..".6.....[...M.....h4!I.Aub.:9.b...9@..snj..L.....$.....~.CC;.'.Z....\9..._.r..o.?]............$.X........sY..wm..P.Y.x..D.J..M..z.g...\...P^$).].2'!N!..P...St..X.R.\.WD.....I.....G..)le8.k"Q..y.~.P.......g~W....5:......A.......UQ]..oW.`........E...4.TD...D........ .qF..Sd.vq\rHi~...a.....I.$.'......F....Y~.u#.L..Vo.....q`0.LDtZ}<....0..V.#Q...hS.W......M.Q(.qV.s....|.|$I9c:.Fo%...0G 8....I.....<..2.H....0..p..Lo
                                        C:\Program Files (x86)\Microsoft Office\Office16\REMINDER.WAV
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):109334
                                        Entropy (8bit):7.998292601118517
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:9E1E4EEDBB60AB01448AC0716AFD1F09
                                        SHA1:1301BF8CD7B287267C83B807F2F9F03ED8015EC8
                                        SHA-256:0FBA30FAA5FFBB41582D20D42CE9D43E87FFD55B10829FBCA3852317B5BD9C1C
                                        SHA-512:5AF489B74FA3654BECBB45838F4AAFC732A7DF62880951D6AE62AC22EE17580E3AF00A4EE654E6D41FF10324470C55BF5EB0BA736B491800D4C05584D9BE2132
                                        Malicious:true
                                        Preview: a ..v.W.Z. L}k.d.(.:..L%.];..cE...~N..!...Z8~....aW.....:.E.(........>"-..sf..p..7.t;.|v<HrG!{. ..[H$.H..*.7_ig..C.._z...".f..Dz......A#..V-..v w.R.>M.P.u.)......]....0...!.N.CP.....I....}....h.!....>.n.&..;..N%.#.b..Z+Ya.6..q..>GJ..j.t..qH.:.R......R.e...K..M.v.O..'Re...K.s.M..%.s=.....]..2h[....mH.}..Q+.hQ...1y ..r..?e..w4Vt.Y.t.y+G..F...;1i...:./..Utq...B+..:.)4.Db..?D...[y..9o. f....X...c.fO..(e.....VfV.....j...%.u...N..%|..K..l.......}.i..|.5......qj4.5...@1.. {..1...../..*.V..5D............$..........[...J.Wo..?.!J....NN..#.;.mG..E.%..vd1~..m..`.u...DF../......Zh.v.{..ST.Zlt.8....i.|..k.U..`q....&..^4...Y...8K.^5......1.<w...bg./..A?.R.M...:3..1.L!...S.M(...+<'u.k.P..ub...XKE.,].1.g<lw..[^.~+...]A.B...}N..}.R...~8...#......e.o..L........%...|...4W.....0..\.........J..x....0n..d....1.5p.hB...;.....H:.o....v.....~.B.....?.dXTv&...."........W....K.H..'.....bBl.8..mW.@.C.....!E..t*].\.OlI....(.l.J*.v.5..[|..`2..dU...v..CJ.gK8'...6..R..
                                        C:\Program Files (x86)\Microsoft Office\Office16\RSWOP.ICM
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):218637
                                        Entropy (8bit):7.999318270954534
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:BD53C5F6FBCDEBA3F02CABE35CEE850E
                                        SHA1:3BE25131A28EA052079DB90D05472DC92EB936B0
                                        SHA-256:5B816F5361F4170AF373036DB72E5A182A2387F81AD04ADE6CC0364F2AF76CC4
                                        SHA-512:3839378CE2741FDBE2F6C4D5213977B950953F33C8462929190ACA72E12EC5227AE4588CE5A3A57AE479000F1719CB058368CB0FD3F249A7569CE74F51D14A37
                                        Malicious:true
                                        Preview: .......N..w<W.xhY.:.5.n..q.....i9.QR.C.;....}.......l...X.$.-.QA...q.~....X.....'......Y...Kp....l......8.l.V..+...I.u-......W_V.h.p/a..u....H`~3....Y.A/.a.'..HS.Y|.t....-....../.V.-..xq.......D.xl.:.).#.E..\m....8.......lWe..n.i..e........y......`z...#.p.<.#..1....i.g.>|JKn..S...Lt.`..%..3j.....5...U.!....Xr.A."......m...W..../#C`...L.G.3...2.2K..}........D.7:........>.V.e...Z.3w.*c@..Ga..0.....f%..QX.J...2j8r...zg..7S......X....S,'.A...M..........`K..w....... ..{..z.@.rh.........%..h............$..S............_z..}B.OG.......@zDp...D.!}U|.g..._./A.*JCq*..E......"@..[.Q..>...q{.X...&.c..}.9.4x.:.0......8.x.).J.q.K...|i.9>....z.[pEWe...DH8f.o.m...c...m$EV.....|j. S.....%.q......l.....Ue....=.-..t.0.......0&.c..4#....g..._.o.VA@C...O.y.m.z{...@~D.....r...@.MU./..2e Pj.......hlE........t...f...u~..<..(l...h.-....u..]..G.('i"3.d.0....:.P...ZB../\S..6..2.....8.@..6..k[ ...9..(...9.Kv..Nc......L..'.2...$nE.3../.4............9gL.5....>..8A..>...We
                                        C:\Program Files (x86)\Microsoft Office\Office16\Resources.pri
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):47574
                                        Entropy (8bit):7.9959805776423964
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:BD346FC21B13A9294F3BDD289C5AED3C
                                        SHA1:443261CCE654E5700CD37946F7FAB6F426A0E73E
                                        SHA-256:50A23215D511F1DB6CD8A6E74546CAFC1ADF67974F064C36F6733A2A8FAFB615
                                        SHA-512:0A40069138294861152EA3B4412E3680E358CCB2617F408708C2076721726DD3664A8F8A1D1CF9D07F4A79979AF543295B7F6B9AF2060FFD079DD9F120363D75
                                        Malicious:true
                                        Preview: ....Cf..R-.u8.Q..*.........7x.C. @1....ze.7..$.Y...8...~g....p...;.n/.T..PL.....E.:..o.}.[..5.m.%).k....B..s.T..s.g+,K.)6zD/&;Q@..A......QA..V.......P..;Z...u...vC..jVQ.mj;i..BQL}........-....7_>...T...NvW..$........(X15....(."*UL..-..@..4F....Ls7'.[.....!(.S.W.... .#.....Jt.t..n....Z{....4%.mU[.;..`.&.z^I...+.u.......m.-,....^x..{Gv.1|t..PO..t=...}.....}.}...#.......Di......A..n.M...raI.i51k_..........C....U.r..$k.....b...;.B.x...]:..j.i...|...._.vP...O(..Kln..:E}k.l<..7.<.D..h..]..J..............$...........a..F=7f*J.++.Z.:..5{b .x.. .Dd...&.\....2wYS....5.)._.//...h7'..(..!...9..{.*P....p..c.w............(.....R..Jj.....D'.....S..e(....._6@..........B.'..3...c..]O.....v..g ..M..r0}o.$. ....O.IPC.T.AK...$..G.,+....c..,Et9s*.A(6`O..d8R.Q.k..s.!..L.. b..x..o...B.W..0.).. .?.$FP.q.......%B$..\.{.:U....L....a....]..V..........E.....A..-E....{Nz....)...%..>.v.rM.k.R.5.:.9$.....!5.gk.cj..J.b.....(.T..v8...4...,...xE2....1.h....../(...~.."v.B..J
                                        C:\Program Files (x86)\Microsoft Office\Office16\SLERROR.XML
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):36870
                                        Entropy (8bit):7.994513649161054
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:0A591D74FB8EEB6E76788AA34B48C4AC
                                        SHA1:F78E0DC11EE0B5B83DDF91EAFBB7B2946D45F464
                                        SHA-256:27B14D020C7167A88817B1BE574348F02FAA7EB9E7FD605EDC3495F46EF85440
                                        SHA-512:B31F4619DAF73A3507946AEF96E8B2F80CE7EFBC984042AF086B01FC6CD3E30C8713490C13EB9554EE0E81FAC9EF51C3159F5798BBF20C439F6837836602FE7C
                                        Malicious:true
                                        Preview: ..-."..4..xo.....d..PI.`+C..]...G._....5..<..M..X..z.l..+i..,|.)j..iJyv..b...|..d.lhy..S....7d...H.bw...CY....54.c.ANC>.....^..N..j.&.'.....6.`..g.M..W..2!...f....,](u.g.........vVfz.4.=o.@...E,...W..`........uF;.s2\.3......+.._.:..J.~.."b/h.\.s.E...7.[....<..N3...8?3....D.z.h.2..W.e.BB..$.?E.65h.4...X.0W.b..c.r..X7.:..z..1.i.t........3..\.V.J.F..,....8.....PX.~.kax*.U.%.AP\#.="E.. .o..yx[+..5....?.q...:Q...=..@Jx(....?6W.....u.(....6.L.071dI.......mT<.....x..f.@...K.I.z...k.cY..z..Y..?:.............$..........8.;[..`.o....#.5|..<.!.|..7.#..0...\...Q.E%.#...M^!I.!+...-.;.`...`....W-W.1...........-..f..4..[....V..V..h..A.c^^.1_r].G(.....-.,.a..+.5.....8.Ig....G"...sV;aT.a!.D]...5?.e..|wDJ}.|.D..".%..P..._..X[...R..R.....U.W.!...u.M1)......u{..C.M>.d..k.3.......~.>...{?X.<.Es...:7..5..[Qs...ad.Q0....3.e9....FG. IY=...G...A.+...S....;.H.Ty.e.^......M]..%;^.X.......i.Q....nX.!..{...f.w..OAi..f........>....J{7&..c..C..I..J.Y...1`.....?....t....[..
                                        C:\Program Files (x86)\Microsoft Office\Office16\System.Windows.Controls.Theming.Toolkit.zip
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):12062
                                        Entropy (8bit):7.980721349972841
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:883AAEE87E06C483D07404FF0ED9E83F
                                        SHA1:88A6EB5BF145C0378AF504070C75D748214B748E
                                        SHA-256:5D7DD68CDE2F5D884DD818132B308B8F35C47A69F748C8C9663C516B45347DF6
                                        SHA-512:2DD9AF2D24D4122348F4EF30A04DBFA4F55BFBAB9D57AA57F5AA8C394E4AAFEE0E55FCF418E0B3F9E287398682864D0A3697EEEB8E6545278532C4562CC751FD
                                        Malicious:false
                                        Preview: ..Y..... 0..K..*.........._....7...'....fr.t.h.V.e.4z.!.,..kB.y.t.j..j......q........&'...Zv......H^......;..~..V...]7.....\...,.../)x:..#..=....l.h...L.......?+.I.J..)+P......V......1.+.!.!...4&Mg..c..".V.hUr.I...._..}.CD...^.+.x.{.!.u).....*.F.<.z^...S...G..R,y....#.]Qh.\r.3..D...t...>..[3...7..+:o... .f..c..........Y..IR:Mb.....@h.r..9..I!4...C...$..K.....uW.US.....bU. .Dk.o..Is..hq...*...*_....PoU.... m1..A.U...Aa..S^kg..yk.....n.AV......[v_).GXa..P..j...@..y.....!a.J.{.|............$..-.......4.~..6....Cw.....[|\65...+...._..3...."..-.1P.V....l6.T?..ku..-..e(S.eJ.....!....Y\L......C.m....)..*$.]..f.....4l8K...=.T~...t>c.......K.....)}V\C....Z$..uo.?.QU.4.k.....3....d.~.{.%...<...8..,..x...6.L?.U..;.b..6..),Df....c.z..#j..hL(..c....y>...^.Y~S|/...2O.:.....6.Ebz...3...uO..hj....F..I...YN.w"..3 ..J.......O^..G...c..T..E......c...4..g.j.....k.E_..@[.u..R.szc.]!...aMw.d.:..p...?&.XV?..N.....n.-.<.... \.........[..C..rf.......'.
                                        C:\Program Files (x86)\Microsoft Office\Office16\VisioCustom.propdesc
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1690
                                        Entropy (8bit):7.88843984044412
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:83008B6EB82E13B121233E82158494D1
                                        SHA1:E1583B849EA9968DD001DE9C4F094860E873EFD3
                                        SHA-256:47D10C4037141EA7360256E6D78D3CEAF20124262503E4A0B4B763C55359F12D
                                        SHA-512:40A377D594FBD346DB6C6E54B1872CD8CE716E8485FD71F446DBB4F0C21B461CE67BC7FD376679CE26991AD9E4C24E8F27FD728D7F492C9621D7F44EF1622C18
                                        Malicious:false
                                        Preview: .F ...aZmL.2@.VM....m....R..$...H....9..} ..R.i...z,?..S..\..}... Q.c..f.../.HOl..SBI...S...1..LH...?N.....6.4...Un.5..q.'!..X6.ky/.....b...^..tg.&..\+P.....X.i..- .s.f..DQ...s..<AV...Z.pD.6W#Z4]3...+L.6.(.....c...!....tE.G:.g....%kB........h..P...L.?..NHo.Em..mR............>.C.........i`........*..}...>...K...f....;$;X!C...!....F..L.{..#..%...6.s4.........{.|.....<..o...........&.P.T.<.b$..I.<s..[...........~.2.%....p?..ZR..4.(...F>...D...&C..q....m.%..F...]..G.j.X.......>..Kp............$.........Q..."...z8.......K....S3.}J.2.T]{l..F....K....`.*.yK.Q.`y...V.%.N ....I..(C...z...NY.6.-.&C&...Q.+G.J.v>.....J...~.:. 7.,..mL.....|.Y~......6...n...'..u..T.}....#3...E..f@...A...._7>./.]..I{....d..K-....m...9....q...._....z.]..g..6........Km]...(....XP...f.$.L]f$U7......Q...vmc..{*N=..q^O.!pE.N......E....oe...G.p..t.|3j..]f..u..F.j.8G..."O.(v.@M...J.b.....&.1'.F.....Z.V..(/s..,G.x..i...(>.0..#u..>!.......>...@Ap.1p|.E.6.4,....c..-..
                                        C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.VisualElementsManifest.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):876
                                        Entropy (8bit):7.762010268857612
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E7E28E19CFA55D90A961272FFD5AB1C0
                                        SHA1:AD900CDF21216E2B2B5A3A6CEB2BB3FB07AF1379
                                        SHA-256:704486C50F9991311DC18E820A19FA31CB20F9A05A0BA8AD75E711F2B3684B45
                                        SHA-512:4BA92BD43A42A71BBA425C43619B03F19BA4E6B7DB5BE0A7B9DC038E7E42BE00A79801DC7D0A80F1DED81482233E8CDAC8F3A9B6EF1E40A450D257EADC392721
                                        Malicious:false
                                        Preview: n..8~&.a.....'^..0.fD.].%b....x...U0......,)(..\.LUP.....+.W.I.......`G/u...yl.j......'n..P.....Sx.5..4.s....}.Hm...p`KY......E^{.uf.u......e7j...[.w..R...O.+...&..|..|.K..?.._..o.c3|.l:9...U!.s..s.....S........K....su3k...<.B...[..o_Q'/..X.j.........X#.....4.......$.(.IR.\...W.g]A...%.,..#...8..NuP........*...o......O.5...9P..dYfm~....'.I.S9..9X+`.R.#....or.... .?4c..ry2.A..F..v.{.w..^..&.f......T+L.....8}^.q!]....{4.....%..cu.nS|-/./!R....u.....]......._.*W....'......e..uu............$.V........2...Ur.HpH.Y.....v.J`....-.,r.h.....@(.....P.. ..\>....L.o(.:.g5h'.....B.F..]ZW.D4vfZ....3.....H....2E.....~..."u....=^7.7t.v<.R@.....m..Rl..!..b.F..]a...iC%......,gv@...p.6. R.....kO.&2..._<..x.,..S3.fw..).G..c..).@t....p@ C...`ki.d...9........~..;.M0.A/.9..Ve.......#l9...Rnox....H....J...1|..+.8.....z.. .A....&2.J...CdoT.
                                        C:\Program Files (x86)\Microsoft Office\Office16\Wordcnvpxy.cnv
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):31934
                                        Entropy (8bit):7.993939546813367
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:692F6E5C6EAA16F10AB1024B4D07CBD4
                                        SHA1:A8FC51FA666025AD1EBBCA1EAEF4DA91DF1C020A
                                        SHA-256:CFA6CDC617988F1F131EE9F7338EAA896EBF6AF626710F0B2B01130C7D304560
                                        SHA-512:46BEE27F911CF19B8EDB74B75421673280F4D5C154E1DC6B3C79AE3F904B82019E2ED1A526B727C2B5F7FFDC04DD92FD221C21227CFBD98D68E8F0E4BA78AFDC
                                        Malicious:true
                                        Preview: . ..3..6..7)l.B.....A.u.3.``...D...Y._..I}..M..qT.60m.TZT.]...].:..Fkc.a.7a........c.\..[.Et.-)&xV...@.TN..T.j..t...K..h.....%....KMn.-..[\W...|..zyo.{;.....f. %..,3....7Vm.v~6.(...~<...m...P..w=....o....4...c.vU.s.).......;c....gW. ..#.54.(H6.T..l.=......H.U.........7..:...q..}g..8.H>:o...'.1.r!......a.5...em.i._....:...\L.z...cC.3v.q.W....&...I.Y..._.b...-.M....q..u.(.'@p.X.......E.xa6#.s..P.z...]..`dB;...#/......8"..........P.".....Z....[.G.3.&........... L...n....p,95.NN..C{..e9...M..............$..z......VvE.0x....../0u..Oe^.zi9J....%%".........-J.M..&...j.A{.&....^y..E.O.Vvj.P...<.M^I\H-..||v.E.......).Q...7....|.Y.'..T....cPw.!....]y?...o@(E.^.(+..T1E[s...)"..I...`....a..y..S...)...( .....!^.....j#..^|.=.!2c(u..."z!.7...D.o..L98G..L......).."2..._\.A...?W..d...t.pSz....er..p"9.)...t..5.....-s..7KM..aF..N....`.........O.=..E..O&u...1zj..F.H.[...9..D......HZU[.E..q.)..r..Q.....-.vEO.....=.c2...O _.byso.K..j....2..xq...H..!.5Jb..~..
                                        C:\Program Files (x86)\Microsoft Office\Office16\XML2WORD.XSL
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):10855
                                        Entropy (8bit):7.9838953279396225
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6C19EC0DB34F2661216B543CEA06FE7E
                                        SHA1:D848989E7CC789E141AA7A09AB47F94A38F0A6C8
                                        SHA-256:0B76BC1B153B23FBD3353B43ECC62642FEEDC5C750470B140F9CA15E8244BFC6
                                        SHA-512:CF9B409DDD39E24276964F23B10909A8DE669E72DC61117780CBA292A497FA968C76ECAC878F32C0FCE42C682F36F2DB4FA97DCA64937FC0749023DFA95521EC
                                        Malicious:false
                                        Preview: .|....s?.6.>.L.?%...U.4..2.:.|B..'..h....3...8A..b.....-../5.^...3..7v.).89..O..b.._.W)-a.7..;1.h..R~.9.1VWEx3.pz.eE.....j.b.xS..9D.H.....7...k.v*.....M..Hv...b......6c5Z..b....m.-.......x.H.1.G..H~..0.Q..c....#1...RN...b.....:D.(x..d.....)Xt...hh...t.G.......~..:.x...p|.<.|L.F.G...`qr'&.>[.._..r...Y......i.hQ.:..z...?.@.?.K.......P.~..[}.B.~8...E..Fm!..x.....f.t.ae.?U.%...FD.^p.\..ax.Y...-.o..2."l...c.v...2O\..C....f..9.........+.6.....5$.5.n.d.Y...iOD7....?&P.....L3.w-....w.\..9*M7r............$.Q(.......`=J;.6S.-....d....A.:..p.k....B\(...11k..'..V{......S.?.%.%.R.!..Q...!.1!......t{V.'^t.o..LE..i.N......#..Q]N0..m7....V./.....2..AJ...I...R}..yJ!.s...%7...j....).p3b.,.7#........e.='.0...j......%.{..y.3#b.~/h/.p.f_...V.....I..F..;7......w.fx(.!...j.E.W..oJLN.&..z..-....z.a.{./...R..T.;..z..).+d..e...Df!.[.....?....X....6.&.E...q......`..m2PC....D..$...c..j...b..;.h.....9....Ea...7w.._.....N"......m.c.C.....q...k.$!...H..Hb..&..=...
                                        C:\Program Files (x86)\Microsoft Office\Office16\aria-send-telemetry.html
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3210
                                        Entropy (8bit):7.9410453888306325
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D06493487329246227E59E1A13B80E9A
                                        SHA1:965A4E4F1091CA471108E24DF2908E622167000C
                                        SHA-256:F42B213A86332BF8C69F76E53934B165A5BBD746814A98C0292A9A31BD9827B0
                                        SHA-512:F1CAFCA569BDA40613B5679E7661D2BBF1B83270A2FB8DFB6DECBDD97CBF7CB4F5C1A59DF5B513FF362598E57B17588DD209C51B160A4EC3647151B5D86187E1
                                        Malicious:false
                                        Preview: ^../(.&.f.7.U.B....}..z.(.E...."..H.D.9.6.-&(.x,.?...I^..q9.H...g.-...l.]..K..J&...3...z...U.b..F.....";}k5...@.Be;u.._ps...e..4f.........:.Y$....P.}nwc...D..n..\...~0...\j......8..@8...u..]].^a" *....{.6.../LC..x.....gv..Y.5.gwmg....F.Y........$....l.....U...B..:..^Q........."3.!8....k p8.r....x.......^..2.?.........b...Y*e...n.......w.....oOn.5}..?.........\....k...W...F...k......M......~...q.*p..[...{.A...=..v>9..a.Wi..w.P....4...i5..r.I...yj..3.p1..S.....~7j..a.Z.....i:F~............$.t.............D..}4.xJ.aRm*..q.........2...!|.....*..f...<.J..|.+..&..:.{q.}|.:..k%...G.+..'AZ<..Px.f....6...5.^....:.v.3.ut..<;$,w..S..5...I]x.n....yFEz...;O.0)..k...Y\,.U0.3O.#....O-....D.x..&...U...2.y.Vf.7...K.3.4....A...7.'.<......u......O.....;....L.L....p... ..(.d.'......X.I.t..R.g..e.w.../......k.&1du..(.FB.1$.O$.....-..0.X.*.#.c...z.....>.....*.....G....;O.5.BS.,..rD. ...e@O. ..j........C.QO.k....t...... ..1.u.X.I..lKE.S..M....u.+
                                        C:\Program Files (x86)\Microsoft Office\Office16\aria-webjs-compact-sdk-1.2.2.min.js
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):16407
                                        Entropy (8bit):7.987596156838877
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:944D0A186D4DC04DDC64B84B8012F7A9
                                        SHA1:AA0844EA614AF24D1F77C2979D084DA6005893E7
                                        SHA-256:04FB67C6FC861765C520E53F22DE9D0133534B41C44B567F26D36ACDA8422DB9
                                        SHA-512:53688E6DA3434A377C4B6842A3D1960DCA0BAF05A9CACC51393C2D65EA6A7540D9CA7EA86FC11F6EDFDFB96D821DC7B32AAC8EA68C4B73FE4BA1DA5BA398FD0A
                                        Malicious:false
                                        Preview: .{.@<.5..>7;=.gWu..2;.]...9.....4.y..U.'.j...j..zY.....{np?.`...y t............g....f...`\.S.D.m6.^A.<7/z^(..+.D.....".....I...D6*.v....]....O...mW\.2..c.1.*.m...<..(...4A`Ok.H+...i(..K.S]..B...26.K.s.....(........m5km....O./.3:.4.r.2.Q]W$.ze.G.8l....V>.#v.3.o1W....+..d..l(..~.d.Z."/...2.G....u.3.^...<.H.&..E..9.e^.Q.9cf...[.e/".uR.>.}.../...Eh{.r.....3.(...?..e...qF.m.m.^.DRFW.M.....sK./.Z..g..!.Z.Qs...o.~.4w~l M......8..i..3.z......0. ...1..f...Xj...H.g...JL?.S.dS\.0..M..).1]....q..Y............$..>......}..*....WSGPC....(.....y...Yn....I....a.]R~.rH.6.r....?x. .f=.P=K.h|.......O......4.c....Cd.9u.y.EE..F...5[+D..S|..F..Zb...e......6{.......K..i.-.}&....S....Z..\N9..W........mx"f..a...Ul.^.J3o~..........'.,.Ls.jf....1zB.eE.T@q$,..a...).9#......s%.............@.].....MS5..R....!j..h..X....|%VhG.M.Dj.%w5.0.....I.....-.........t..&>.G...I...8..2..A..i........VF.....w/1.3Z#)5.._...I..sT......O..RK..I.MH.h^\.9.Z~^\^S...1...|....M....M..|.8....<2d..
                                        C:\Program Files (x86)\Microsoft Office\Office16\bdcmetadata.xsd
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):26834
                                        Entropy (8bit):7.993126590176249
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:DC933345EB7A4870C4A31941E2C916F0
                                        SHA1:938567D108C04D4DDEC4AB8D138E44B0D6E36330
                                        SHA-256:A52EA3CE481BDF80CD93BF077B18DE25487CF4510EEFBCB26545CA115E38DA7B
                                        SHA-512:D3D6A0379C9893889A2E6C3F35C74A72D44E9667F39175A3B2AEB1B1FFDCFC45EDFFAD7060C3872ADF0581A1FE26E00CE71131BA0CCCA62B9D7D0087C69C7879
                                        Malicious:true
                                        Preview: <h.....8.,.&.a...........9.o...q..h.n.....|........./gq.$i.Z..._..{J#...I..l....;d.J.{ZL.$`...x..69...:...8....C%...`.f.4P..3.~E.<J.q........M<....p..`.1.N.\F...)B9G9.6k....6]!...].m[_.X./...D@.../...H.T.....h_.XP.+........,.'..t.\.r.,..(.}...&..{..d.6.....O...h.......=.6....8.O.[...X..Q...S..Z......&..5....nO.$......N..<..P..n&.t8......PD.....!..t$.M..BKr......&...<V5.Ly..N...R...2.d\. ..U.a.RDjM..!...Ywh.t..!...V.U.....W.#P....:..$8.n...7...Y..."X[.R......4Rgd?.D...........z'............$..f......wL......~.0+.'p.....gF.2<\.S..._...H.g>.L.....W.bf.,.g.....K...(u..Y....EK..n......z.....c..1.#\~..oV....w..:_.{...C..1..|.a?....."......h..Y....h....1..jy....%p.Q.k3/@Ac@..r..soM..V..p..T.H.kA.q...V.......}..h..72...w......O.{......6..O..XK....c..a^v....X..T..2VZ..4....fcj...iK...;..i...v........Z....F.P...,=...Xr-..hy-.4...d..N...u..S....9......S=.X?..F.W...I.Q].hP.*O.L.`....Q.GZS..<St.-.V..g(P...@.U>..T-.}..a.Z.R...6+..;o.#T....y.....33..
                                        C:\Program Files (x86)\Microsoft Office\Office16\bdcmetadataresource.xsd
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):13623
                                        Entropy (8bit):7.988963393090537
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4190685A2F145B1E7F0544B150863C3C
                                        SHA1:0CEE3BE5E2C1D41FD7546F2CDB5D8A0598008A85
                                        SHA-256:174FD2296D6DD41C74BFB3CE17DADF4D54517D09B77E70E5684FA895D22D97BF
                                        SHA-512:21E119CC9478836AAA36DC906F1812E79A9025B970BF47DD3BC05DDD4E632CEE25A828A69C3BA33CED586DE9A8DEB5821F10147BDA0EF5341E630661639487B0
                                        Malicious:false
                                        Preview: w....A..z..Y&..rLZW.1o....u.#..$.....m.......(.{rf".R.].O....t.......PIZd<..6.Q&........w.!.1z..K.....`.. .4.....8.Fj..{Hf..R.Xh#..rt.[. /..g.C.$V?.W....AY.mA...dzN^...).2v.U"...{.X.N..dc.\..F..7...@"..B2.Rg..C.]..F.^..&.G.......OI.j^..Z.Ty..r....l..{|.........X..I.....&.P..,x.J.2).3.kt,.\SIl.)n.1.8.7.".......\..?.>>.%.......8.i.u.Q.t...'.+..O3.U..%...D.-.jM......K.Wuz.^r.?..,.....zn.[.../sm...\{_...f...e.ZX.....<K......&.U.!....E.~.4<.c3w...=h%..pn.9.1..{.d...U...K.q..J:G_..X...%W...............$.!3.........X~2..V.|.F..Y.)..L[d.....W....9.4...ap....$.Vw..J%B>...|+.....Hz..z...._.......'...+.bu.&a....m."..{S.I.........Q...I.T...:x43.?M....?....91p,Q..:ye..6._...k....^8..OC5E>...{.&.)...... (.>..~..0.Y.v.0..pS.......Y=....XLgw....?.r-8...y\...].A..n..m. lf...A.....Lw3...I..'..gW[....6.....fI...D.qr!.....- ;7..Gi..Zu./E...=LLw......(....Z.....$...=.+.J.R.PKH(VV..]j.#.T...N.-....U.q..G.%..y...aA..7:.I..oOA<16#.*7.X..=5^.....@....r..f....$..
                                        C:\Program Files (x86)\Microsoft Office\Office16\lync.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):166111
                                        Entropy (8bit):7.998980345280355
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:9562A4051DDF9CE584C11B972E5E07AC
                                        SHA1:4E43F186DADDEB85D69BBB7C28B4AE8631FAFB2F
                                        SHA-256:DBFD38B222E449420BF8D3F2441AEE6EFB573D90E4ABD16AD3A33B7B615DACC5
                                        SHA-512:4E66F500788C4C82633FB7549B1D143C06946A4C8B2DB5947CD85E0054784B5FD756D5D60965E5F65F89384D6EDBC586C9DD3601BE385A1872B4A5EAF4656614
                                        Malicious:true
                                        Preview: .L.......f........Ns".a.y..?h?%_...W;.4Z}g'.A..&.b.yk.p...h..,n..e..m....p.q08b...E..w.. 4....#Q.i*.lWT.G.v8.....7.[c~..P....Cy..L..._.=B...e..O......qPB.5...l.+...y..'.xS.U.r.K.x....G..Sk..D..o...D..{Jc..........5\.....jX.r...[Q.M(WZ.....-n..o..u...Xf6....q...5.M.ZrS.s..9HQ.6..r&.....#..0.c.I+xW.SiJ....y..Y6.."u.Ad...!.f.v.|8..d....z7.....dp.hI..dd....`{R/..Re.i.....2$......NL~{.55%{T..P.._.......Rk..`.._x.-."[m.d6......h.S9.\...8A..#Yt."...b..=%.\...=.f..%....^.A...%...Z.Y..............$........HP.O&..*....v.s............^...p.4....,.a...Dqn^..9.........}_..L-<J......I:.!Rd.p..].iY.._....$\....?.[\..W..v....:...9.....H...ty....0g..X.N.;L.g.#...... ..3..~.b....5..]0.....!T+....(X5......./..#g.V...9.&1/.}.%.X.x.6........)....z....... .....I..*.MN./.(..#.....?....N.E..F....1a.d....$sA'.4. 7../..W....Y...a.y..1.G.o..Ej.......bM..U.....80.w.f4...Vp......vhg...!ZRvt.}I.....t7.p.j...T........[i5..M......._...Z.H.W]S......)!.!.8...C
                                        C:\Program Files (x86)\Microsoft Office\Office16\mscss7cm_en.dub
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4630
                                        Entropy (8bit):7.958141970625849
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:55A0AAD009089CF4C963A579BC7D082F
                                        SHA1:F6D7EB1C85880BFC9E4EBC0994E32923E0DFEEA0
                                        SHA-256:DEF7FCC80C33C92C38C11AB262B57FF19EB72CFECD22690B20B2D10BB6C58CD8
                                        SHA-512:01E1641DA8AC83510E96849E71FA7AEC1E2786878118ADAD8A7B53F9C82214690D0DD6CD8DC61B285429DE2D55A8DF7B51502F4401D88B9718470BE91EB74BCB
                                        Malicious:false
                                        Preview: .]TD.7...h`...3ym..r...P...=Y...C...v........%{.Rz.i......v..D~....P<.}....6.........=....;.z`.Z........A.(gz.(..G..K.c&v....m..r.tv...&j...2tvm).......j...4........[#:n..Z.u...7j.P.......zY..<......%....uVd...C.X....<.T>....?..z.gj.&o.z&........@F{.f....%...{.K.>..(.....o...!D....w.?~..<e..gm......&..!.Ef*$.yoa..:......lmMt.6..DS...9.(ey4...%9.X...aS..bg....e.YMz.o...2.SH...m....I....N.N.@..5.n....B..3...`.F'.[...Z..G....]..S..H...^......M.0.+.....+.H...{.....5....*........XN..............$.........Z.q..5.n.Be...v..uY...M.^.....c.7..EK....!.e.8..L....t7.VRD..k.5. .....'|.....P^.X.}.R..,U....M#.0Cb.}....^[.......q..|w.]qL.......J0...+x.....f..mP..m.~.9!................O...O.[.!.E1.......Jw.#..g6].LQ.KZ|Y.".`p8.r$.Y..[.@Wv..r=7`u,..w.u(.:.....O..a.9.Xx/.&b.[...s...L$.#..........>..q[b.-.....UW.@.B.).r....r...=.!A.B.a8.|..2........9h. ..:.I=3..;.Os.F.....':....Nz.^.q.."..6.....H.+..:..H.*..r.R...$B2P.._.).X..;...&J.A)....f<Tfc1
                                        C:\Program Files (x86)\Microsoft Office\Office16\mscss7cm_es.dub
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3606
                                        Entropy (8bit):7.942686771790063
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7ED314CD0B8F39D79851505C07DA340F
                                        SHA1:1F37CA4DA9671E22D1521C7504C3FB17F6821555
                                        SHA-256:EC3D0581F2BEA576EEF647EAB5247029CEA9174576760FA56DC061038660A6B7
                                        SHA-512:B444C2177FCA173D16940A45B1B2E4AAED13C17D5C3CC1A0F6C0160C1E744E9544EB1CE21F375E00E5B573C87BAB160095834D7090E3B15D898BD0A39A7F3A45
                                        Malicious:false
                                        Preview: .)...{$._..q.;.".:.v....<.c.... ]..8.^b.r2.......9yJ.....3..X.bf..f.a.}.a.W.....a...Fx.'j{.i...z....v.....1@...\......8......v$..$..i.f(P...e....@......rU$].^.f;....)..E.|.......QWy%4.44....RQ...l....W.@...........Li...x..I:sKh.....).w"l:....Y..:._=..w.(.a......~y5.:~.~.,|..,.....Bs3x..R8.]..J.i......|.~.0....f.dYI..y.M.&..@.<j.[n.W.~....Q.D..;+.....N.<+m.`?..u..Ht.4.q#.W..me..[..~.=..AT....cS..%b4.I!".f....)......*.....c:l..r7>.b...a*..L......{..{,MLZD.....Qu..an.B..].p?.Y.]...Vm.............$.........k.#i.....%J...........qE..M3.!..;<.......BL.c..K.....m.P.3~.?.....e.sc....EJ^.....z.....[\D.8?0.&U&{....y..~_.?..n*p....63.dl.q7!|.vM.....,{.l`[.E...t..U.c-.#z_jJ.]].R....>8..;_yGXJ..F.....BN.0._......=->@.I.............i.n[l;_.WJ.zF...iP<QZ?T.&.g..w[H30r.2^.&....B._..P6...Q.l.ouF+..y(..r.KwO.Q.....E.....-..1o.....Z....0.QT:.d].z......3..Y0....._>..I...9n......l..2.....j.Y%........-.TZ..x3f..X!......GU..}:d_.g....Fy.1..>..".}.<.Hha.W...
                                        C:\Program Files (x86)\Microsoft Office\Office16\mscss7cm_fr.dub
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3606
                                        Entropy (8bit):7.9369601363022095
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3C2538930B660C749B7A7DD7C3D6AFAB
                                        SHA1:293F57A791921ACCE46E790BE89ECBB78180490A
                                        SHA-256:86145845840E4232CB0EE9C0641B23B497FB2B953E8169A7429473D54AA268A2
                                        SHA-512:591CD416D1B313DE63425EE146A0E4B90C00BEC8EED59A75B71E12C4DCFBC10ACED83476EDA046BCE941D1390C8FE17C25AF579572B69E0158C9E64A1797A3A8
                                        Malicious:false
                                        Preview: .Ef.>.$s9IT.dH.q...FI......KEW....S.K ..O.]....o..Z.K..WTKc.0.|..k1.$FY..u.6..).........2...ZOY;^:...:...|L.......2#..D....F..ipf>..<.'N....X..t..hf.....0....8..v.`..W.h.Y.-|/2N....K.E..XS.....W1.)..+;.m...b.O...CA.."..D.%2,%.}....Q..'..B.......a0$3n.?.O.H...8].q"Bh.,Fnq..M.#F..r...%._U.}..2.X.t.!". .bQ...A....H6BI.a...../*7k1.s.-.E....e.. ......I..}@..i.@%..V,}S...#.S!3U..L.s...v............=.$:P.T.]...Q q(.[../..........y.\.0I...h9.......g..'...uYWI.0CD.SHS..'..jy.X..F.....C.......55.............$.........V...h.."._.u.'.+)VG....U....}n..}.^.2.\.#..<6.6.O..j`..|...c?.d......dD.x.8...B....Z._...vW......#.4.,..o....r.e....Ig...m.".t.3..;k..^t.6fl.2.;...M.Q..r.^..........=.&Q."..........}....H.@.C.TW^O..c.Vm..N=. .$!<.$.|......h...}f..A....Zk.. .p_?..l..r...v..N.Rn.p.yH.0..3..*lZ:u..J.a..ZN..QZ+.pBj....q...n.'..........Z..q..^....1.zq;..p.....[........C)...[8.vl{.a..}...y...O..5...:....O....a`./6.3_..G.p.8..Z..0.jB.....@si.:.I.Af...Ie..0...h.j..
                                        C:\Program Files (x86)\Microsoft Office\Office16\mscss7wre_en.dub
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):104470
                                        Entropy (8bit):7.997937841687078
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:6F8D0AC80CE0E8BCD5BEEFAC5D1B1D82
                                        SHA1:1977C68AE5A0EEC03C01BE7B8A0F63384364EFD1
                                        SHA-256:701997706A5D5EC864379163A3D0E5D2646E71D3E054B73288BA54117AB0F448
                                        SHA-512:C36BA870F9F6C72658C29B3E05252A38148A13E32A62ABD87BE36FACA939A6EF4E045DB257E0C417E8F638E0679A50FFBE1BD7D675E5A9009F5D6A87A7B1C260
                                        Malicious:true
                                        Preview: .kWSb.*.u.\g&5.."...I......).k.'>.a.V...u..t..2..wI+...7n...;^O,...x..K&....8Z.5..T......-...tD...........?..-<5"..f.....e.}........Pd.E..N+..s....!....5..P.~....kMJ}.....Su.....$gq2..c.P.T....P/]g..z.l.C.Q<y3Ti..s../..v.......W..E.P....M.]....)..g.d!.B....q~..9..!..m.^...S..h<..9=......v\.n.|w.%..W..k..!d....K...n.n...h!...e. .....c.%.-..=s6..B..&p...k..Z.zL9..X....qcV..[..X.....;........@...g2."-..V-.t.7.a..d..=.+.[u...Fa>y..7..Z.!..7j=..K.W#..{1x<.aC...^.N..m3}.K5.......n....G9.{e............$..........J.*D.-:...f.Rl.........F......r..."..5..:(.-'..o..p.:y....Z.7.J.F.s......U.W.Z..8.......A=@..w.BVp.....;.'.z.............@..2.\x..2...<..w6|.."~.4a...f.8..p...W.....2g....`.....s..t.N.g,..FEz'.5....{...r..... ........H..M.Y.M.;..N,=6..<#.*q..&_...r.......E9yUZC..,G.s...[........()l.;P....q.@.{..w7%X.RB..^.....iK.-.T.7...~.!.Y..mi$...A..3......_.A9r.c...r... k...b..l.\.Xa.o.kTz.......e.`....f.DJ...m#._.t.........x.fN.../:z....!..0=.#G.C.fre
                                        C:\Program Files (x86)\Microsoft Office\Office16\mscss7wre_es.dub
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3606
                                        Entropy (8bit):7.9449165787675
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7B7090919EABCDD49F6F76D96DF10FC8
                                        SHA1:21B59E9F5F5B6B9644D99BA6F87CDA2BFCE7BD97
                                        SHA-256:2E69F9ABDD10B4084B3CA5A3CB4DE336E8EA41C402834AA7B20A3D4DBAD6BEB2
                                        SHA-512:82A8AE57D919C9B407DF0E4A3643DFC3DAEECBF2D0B3A76C90BE734EFE0AC920781816B8EA257BEAED06AFD18A9BF2DC811497C1B8AE0A903137517E2D15CBA7
                                        Malicious:false
                                        Preview: ......g.....j.^9.Bv.C..p.6.,.(...R.....P.[>...Fm&Gmf....:D.=...-.q.....,......../.....w#f....7..x..^Cr.w..j.SN~....ii..m{.&../.$]E]PY.D:...=8e....[.e..!V.......T.{.B..W..N..Ir.......c..8.'f.........Z.,..z.....:.g..t....Y...&LvY.jdy>...x$.,.j..y.......t....0..1C...._v..U.'+.tso0..d......k..A...6....s...e..6.......7f..........,....... ..F.(.z..n.....H...FO.Q<.oi...M...A....a..1^`.@{.{....D:#A..O... ....z..z.......2an1.......=..y..k.x......@G..u.....Jh.....?...*.r..{...<u.h6..............$.............XA.....k.EHo..HZx,HczzZ].W:.:..xH#:K.....4.2.hd=Ta...-..uP$.8.2..~B.P...z..!).*JgS....r[&...}i>..r.......&.... -X.%z...V2.8._.".X....{.......NY9......e..:a.4.ON...z..xA..z.vv...G..~2..`.)../}.A..'zUs....z...._:..e...G.W.8..-......,0......-*.e.G..Cj.b.q..s../C...@...e.L./Y.+.....=.h.uk.....k...@..U b..j...Q<.#z|....MO..x!q.5k.. f)d.i.......Q.`...&6........%.-.......6.....7...6.=../.;.b....{.X;.cd....|.1.N.K6n'.s.*"..R".i9.....t.Q...,....N..
                                        C:\Program Files (x86)\Microsoft Office\Office16\mscss7wre_fr.dub
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3606
                                        Entropy (8bit):7.944857405821094
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:025E30C6F1BC2F76B6406FF986510ABA
                                        SHA1:B18DA104B789221BC89B12642CE8E53E8DE696C0
                                        SHA-256:1CE3E4AF2A29299E3E62AE53E2A935901BDBA1B1C455D0293E6739B808713665
                                        SHA-512:314CD31171533D88ADC0E063ADDB568FF4CF3BD0DB4B5877EF9874E7CE01B5AF5AEE7718A7D3EA993421D1A4F3925F8817A6B70D9AB13FA34AB645AB97BF0E27
                                        Malicious:false
                                        Preview: .......~.....N..P.9c..h.m.gd(...$.}.J.=.i...<.1.*?(.C/h.'.a.q.E.YN.e7t1w.W.|.p.t.2.v.......uM......WV.....j_L{...!...o.I..-U.J.....z..fO.2V....2..<.=..7.o.....)..%........j.T.4.[0Z..t`\-R...[b-c.:...]...EC......5..xI..7...X.;.|..}!.%..H...j.S...............RX...^..I..z~.X..J..`.....-....&.o.4.5;T..l..^..K..Sg..k...._.RRA.5.......!%..'.(.3...E.q...fn....I....z.....z...='cPK1..XUN..3Y..>.mk......2.u.....3._..._\.D..V.mj.5.!{.<@.....T`....69R="2............bq....7...p.....'.4............$............;)...X...z....4x..y..i..........9...=f....A.'.@..E$....b.P...W...Z...S1 TS.t...A=T.r.._.....)..O.!...8..]xx...]..M..`...2....*...E.P.....L.._^.M.....c3..$...f.m6.....W...u..E+..M.[.T..J.<..or....k......-5...m"......&..T...6.u.5.y.J..w!..p2D..cT....&!.=t.kya...)...*..Cr.K.]V........&1Va.0.]...!.......).7....;Q.R.0...8I..:bwT.g.......H.......o..... ..g..I..0.Oh..... ....V.F.?...f.7..0.'....B.>. .T........%...7....".. 1j#T..8u...f6
                                        C:\Program Files (x86)\Microsoft Office\Office16\mset7db.kic
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999838478478199
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:A3EC2FFB85937B8FFCAEE226295F87F6
                                        SHA1:FF9AA377EE4F262012C672B96C310DD8CF3BE2F3
                                        SHA-256:7FC39D39AE062EBD5E91F3FAB23F846847AB364E5DF58ADAE0F431A981F528E3
                                        SHA-512:E24A052C611E3DF26C21E15F8C035E981FE0BD449607BE258C67DEA6E64D79201752ED6F25605D461724B351A7522159906E667F8875377EDFDF8460EBB38DBD
                                        Malicious:true
                                        Preview: Q .&{..H....b.m.R....[S....gL<.A..h..M._.p...B..k../..@...{o.:....Kw)*.....d...4Z.\..v.k..zg=k..;_....Wb.z./.>.x...../..:D.{.5cxdP..N.V.*..(L..C..X.A..H..(...kt..C......])......y..6..m...e.O...G....i...."!d..RR60..&@}..T...^..h.~G.r......r.&3...+....J..Hii...hK....>k89.}..j.....J....G......5.....N..U..A....u.+..%..1..p..2..<....^a......R0'....x.......'/<....9...7J.ok......6.Q.K....?..K.N..4Q.....U...[...nWS...`.H{I..].....F^.[J.._.U...@UI.n ....2."s... .D......\..x6.K3..c-.....................&..P,.....G@...i.J...W..4.%..=.8.......ed....B..mC}].<R.X(5......<Wo.T....N.n7.X..3.:...q...-.t#....S.qO..N.......L..O~. ..V....S.y......;.B..3\.......J...k3F.RcG..j.l..XI.....y8.f....,[..hG...X.Z..X^.......PM".F^.\R..H..bSLw.~.5&V..."q..1....?.uIhl~.b~p.%.. .....z.+...6..*U.+....T.g...+.{.q>......q.q.`..A...O.w....e.A@aum..T7.o......'..]...D.c\.H.....6,....9]]i`.......J.=.8.5dZ....Jo.~.I...+....d.#,...a.....b..i,...H...6.P.....(6..PZ.@"-.W. (8.
                                        C:\Program Files (x86)\Microsoft Office\Office16\mset7en.kic
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.99985351114047
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:E3F89468A1C86C04556B8334EFA9FCD7
                                        SHA1:6A6AF69829820290783E69626375E05AFE090B66
                                        SHA-256:510A1B463284FC722B55A034A7288938CFF93592F771E65DA7E9B76FF834471D
                                        SHA-512:64C28EE0C32B42CBD5D84E129863740E73C69F3504837B5FD2244722BDD7694CD695CB1322AB53F170E8453108430223C687CA5DA9549F2214AD3202579C1E46
                                        Malicious:true
                                        Preview: y.5.".....Pl.M?-qopW..R.Ik/n.&...UfKF..N9.q....*...dD..[../.C...V.Y"R...0....BzLe.Ep.eF)3.._.p&!>QY.c..7.!.3ot..WR..\..l..w...W._..2..d..C..T.k...D.K...>...I'y*W..h...$.W. ..4w.G.<..U,h..n.4m....L.....4.|....@3..,cV..Ubr....C.r.... .9..4.a...........8.;...E.e.'o....D.`......El..............*.K......S.BPQ..b...Ru&...`^.......IP.(V..(._:.N...e..D...y...y...4...69.*...=..j3...^:..UwwZ.Ev....8....:V.#y.*.o.K...Z...:..n.:..t..ns.....lK.9L....K..O.n#...Ve...xhk..=.....7...,^.....f..i...o.............&.>[.........t.G1x..j/.-`.[9..jL*...P..5......V..........f=a.[....7..c.#f.Rg..+y......e(A...8u.9.w../.:...@".y.....z]...._.*.R..w...8H....q....q...VP6DEC.V...:...x)R.B].....p..I<......>..P%(&.T.).......~J...Z.y>C.%....S..)...r[3..Ph.Yq.........d..&c..!../........(....5..3....7.m&q.U.[.....I.j....;..Y#..5.V.....4..>.nxNB....].K..f..#IG.......Vf...z.#W...O1".....j.3.O^.[.<?.t4.......t;^. U.Ny....@........t...4..|.. ...|`.........t_.KJ..`./.....[&m.
                                        C:\Program Files (x86)\Microsoft Office\Office16\mset7es.kic
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999825010637232
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:076A8E98844061112BA5944B601D99DD
                                        SHA1:08CA9A35363EBA8582EF388B2EB01B8F5608FA3D
                                        SHA-256:5C6A7550BB9ED23A5A48C331B38F7E21F3BE3C1CC751F518E05AC86FE7BD39A8
                                        SHA-512:EC2A4716D0DF69CA05C06F38B671311D66DA1F03043073E9BE2488832A97D581AE1D0F0CF364F506EC35BE8F2272D2B3C7FDC26757D91AD9F6AEA1391491293D
                                        Malicious:true
                                        Preview: .K._q...q.(B.?.n.2.x^...`....J.vF...kK..........K..P.d.bFD.....]...3..y5.j/R..Q!...8..9....O...9...p.q.(...A.PfC.U. .y...!.z..................C.R"*>..D.....Y.y....T.o..XA.....H..\.......M.e..9....VE..:fb....*R..2O...0Ns.#. d.ZBo.....E.>f.U....h..\<-.....L...%.d.EvL.X.F......4.C^.|.D....UM..:..GW..=(R..>[*.v.(.})...|B.]...4.C*...K......D....7./...A...s(I......P....'....%.LN....*..2A.Q..yuR.zN,.S..j4#. .?A....3..]..US.q.#....zn....Vb1..Q..U..T[/I.?Q.J,?.=.._5k`...!/............&...........$.Pe.4.<XLRG@W....~...bd......R. ..!._..~...3..TME.B#.....P..."3K+..;....0./)0.i...V...)WMZc..bb.....9.wx......N.u}..,....\B...v../..q>..........5...tI....~1+.F(.....LM._.u.tO.J..2*...}...........o'.`..o..B.z.)..g..*u.....u%.....E.D....k...F.^&....[v0ce6+...RWp....f*.\[...o.2*'..p.\E..\c5..z...M.<1..~)#59..Fb...x.SCV...j..!..B..o.(#.Oq...."......n.=..{..L..}c..E.........=.\..)...SE.!v.I.}N<xG.D..tW+...1......!.c......c..;k...hC.I.|....X.
                                        C:\Program Files (x86)\Microsoft Office\Office16\mset7fr.kic
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999845760514673
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:C99952A3EC065788AA240D0BF5DAAB3F
                                        SHA1:641D861CDB82271945241F887A14E8C4058675B5
                                        SHA-256:46E5254210561160E0C187E59A1F88435F592192EFACE90EAC365E45F77B8301
                                        SHA-512:F4EBD2ABD82FCEC6D5C75189A4D769DFCE0D726169966B36FAEF87D309E769BAFEF4450BEF4438B6B9BE7A0B6BA0FDF6A0BACE9619BE231BE349B1884366A13A
                                        Malicious:true
                                        Preview: m.Y....a..-S... ...jl..I........4.....r........Ps`h.~c..........V(..i..Pw..(..R.[.....C.k.u~.........b..@4\0C ...Wq..O.....W..>...iI........a/;...9......t.`T.....qg.^..%6AA\...w......Js!.N...K.........]B...u...p.R..B.Q.....g....PdnW....X..%......Rl.U1Y.H.. ..=.A.B......C....U1xp#.o.......A..,...kd...........QE.N.\....R...z.Z.n...E.....#..... ..}..i?m.,...7P.......?./E.. -.Hi.?f....\j.......X.;..[6.Y../......P..Z9.|.b.g_*w...h=G....g....;e.r+..&e.p4.|j.).-...1).7...t/!&.,....9D..[...+..?................&..L...........:..K.....$..]..`.(..@...C...6.<.VR.1...W.y..._$.{..)...y|..\....1....l.4X.2H4:.H..i.e. $...r....q~....3.j..Y..G.w......}......y.....F{Q.b.,o..F. A]..Z.#r.?...LK...x..f.j.".d/.l.a'.D......u..'Wm$..]s.... .b.:.....g]kC....U.. .2..Z ..a}.6..x4..\.n....zyc.u.0.g....6.nU.F....X..g.....q+...%?...>y.g...!..l..K[.P3.8.g..?9..@.k.V&.-.j.R..E.#j.....p...=7h.qxLM.,A$b.n.....pMbG..6Z).K..T.CO..W...B....O..a..G..\..`...?....b....w.....lI..W.|..E}.
                                        C:\Program Files (x86)\Microsoft Office\Office16\mset7ge.kic
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999814987647864
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:36A69B87AF5D21C165476F3861CFDA0D
                                        SHA1:4EA526B282A71634BF737E8E6977333723A059A4
                                        SHA-256:56E3697C905E090935FB6DF238B267EF5FB32ED18D3D846CCE4CFC4281CE3E8E
                                        SHA-512:C5A452E4B0DA8435EB530CE7F93042910CB69FF7A269CBCB5F51092DED955F7BEE89118D01AA11B99B2D181D04A2EC12AAC070456A3642C51FF413D40A4EB163
                                        Malicious:true
                                        Preview: 9......1G....U.D../...i..2...Zs..f....='...!...X..g&.:..s.I{...'....=.Ig..k..3(u>...r.AgVhX...|.1.&7......5.4Z..../.<eP....2t.U*.......d.......W...kZ.......\\..P..b.N|dm.../...'.........z....M.%s..4.....w.=. Q..H$)...NO0..E...7'@....p........K/....e-.#.PE..{d1x....4.!. y.5."|:.._....#1>Y.{............Q){E...7f._....Zrh..Uux.d..7V.. Q..c...;..G...@V0W.B..1.w....s.)l.-5..M./.;.R.^.Y.^.S.n....z.)r3..w..Qz%'..{O.c..H..Mx'..t...f...a.m.N....w......eqe.:..."...J.I...0.j..5.9..iy.J+._.!z:..k............&..g5......;.......'z.../..P..,.....H......0/\.eD.GX.%%w.L)?..T.7..x..._..'.......By.~......Tk1.\C.z9..@...&.t...@.8..\.>...*+.?].j.....Q...(..gA3..q...a......P.s...RF...e.Rd.t..J....SU.~i`.azG...F5$..jf......A....@A........\-.9..\,!Ox....x.....s.>.$".'..G...,......pK.lh....G..=q..j....|.4....^...0=...AG.).irD..._|...\.9c..8H...O.E/.....A.#.].,Y.4e.......K.k..H1J..v.Cf.Q...I.9..=G...^)g.~. .']..1J.&.s...*..L...@%..p.....7h..../}...=........Hu..
                                        C:\Program Files (x86)\Microsoft Office\Office16\mset7jp.kic
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1049110
                                        Entropy (8bit):7.999833031061859
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:3F10DE1B23E68A04DD9BDFAF9322FA7A
                                        SHA1:D937E9197CD7B43EF076F6EF98183782CEEBD6A9
                                        SHA-256:02951452B3AA1DFA9E12F984E596D687B9EE0982A7205E2C9BF26860AA1C1BDC
                                        SHA-512:2CFB0B8CFAF4BA88B745F28F4F6EB430E5EAA254D7AE1DBB857A49F34B9FF5C93B2C176C470282414296212C7D15C07AB6474D73781A17E344E5B7557A4C49B8
                                        Malicious:true
                                        Preview: .$.,.f.aE}..!.rC.m-E9...(yp.....).u:.&..a..(.....3.8....8..Fk....t.......q..?.......(..0W..;1..E......b..v.yY.`S(.....I.#2HF&]0..~.6.,....nX...'9Y...;....2.........JPsf."{h.o..('.B.p`..=.z!{./>...82......./T2|....u.....!:.;.`...c..|.....2..............H........o..1U...I.H.KWO?!E.......r7q......Z.T.q....'9..4..\.B.......*FI.c...cB.@.,...f...(..>`l.{%..>ZLf...(.K.n.......{......,v.y.`...& .!<...r..c....`.d.j.-....}...Rqn.R..:.#.tJ.2.....-Q.....S.m..n.T....f.4...6$..&.&.!M........2_............&................K9w%MI2nU..t....h....&..t.&i..I:L.X..l....-o........Z...../......,.u.E!^@..h.-VM.......Z...+.G...0..x..:.K...h..1k.(6v...P..x.rf/.LO.A..|...P... ...6...2.}.......|=3Q...\........{=...........E./goS..8.n..B..q..z.....n...2c..`5........Dql.C...{..N35sI/xw.LiP.Jh......f.Fj..<g.7.gXDB..q..L..%w........0H..z..>..G.X....4.W.).".13Y..d?r....:.S9...(..FX.......#.%D.2v]....r.3.K.....J...Q\b......U.A.T...`.x.}n..).....7..I@u(Qku....
                                        C:\Program Files (x86)\Microsoft Office\Office16\msoutilstat.etw.man
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):108022
                                        Entropy (8bit):7.998353848946839
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:7496D64BC5C68EABA36DE62566140D1A
                                        SHA1:1A48C9278442B4FA4AAB65CF9EA7EE8A0AF1341C
                                        SHA-256:73DF1E429B8B89A16CDAC0BD901EB9B7D189F7AB35DFAEF855C31382172F7E27
                                        SHA-512:2E4D241B8D7A8E36164DF2460EA9C6238C3CD65F77CE2C42A9DB6A397DF003D9D2D939315504998E3214D87F5389CD749613540D445D69CF88BF5D36D5096CDA
                                        Malicious:true
                                        Preview: h......Z..t....z.&..U......d.$.@.g...h...f.w....d1.......R.l(..=IV-.|G...E.j../.U.....;..8'm..YVk ....nF....y..]./p.MG|....G...._..h.o.c..7."..V..w.B..\^.I..$].._..0.h..8:d...7G...+....q^.d...u.Zo. .c-<..7}?.a-...S..h5.......|.JB..*.n(.{.~...H5M...-_.....(....{..#.9@.}X=M.O....|Q.....-..s..H~X(%....U.u5.t..5...*.O.^6!...~`..>.=@o..DC.Fg.f(...z.D.~?bVx..2.(,O8yV.W...TH[6`...,.U.b......-...).'t4...D....1...:..$....2.{....wm3.>.N..vI..J..b...[./o..x..].........K,"-.z.c...c6N.i.....................$.........}.I....).......tH".z.fju...r...Os<_.cB..Su]..1.28O....X..\.i....$.86...1.2.n.....(.Y0...3k...N.l.R.<...i.t.'q.=.D.>...aA....~......1.W.....?.F.J..>.S%.....n..+..U$...l..oUT.`.6.v*....-\5.........\Rc.?....}..E.....y.b.[....P.<.7..c..1ri@.UYwX...m8..B.A?e..!;_b.ip#.......&...l..3#I..<..k1.....kGl.2....$........!.A..'..5....F|#@N5....YK..........?.I....]VSm.W`.#.Q.@ 64.C.^=..+.`w..<.Ci..i....2..n.c..i..%.....K.C(.g......./...8.......)......J.
                                        C:\Program Files (x86)\Microsoft Office\Office16\muauth.cab
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):8233
                                        Entropy (8bit):7.97248590804809
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BC8053FE1B46A360E219022E6DB30A09
                                        SHA1:6982CAA3A8E4AC8FC3E0F50A197BB9C7C1D02B82
                                        SHA-256:06B1F15E57F116DEF564954E1B86B7C3EA43E5F3604E229D2463DC1918472800
                                        SHA-512:B06B541346AB4D248CD3FE81648EE10FCB1DD9E263AB5CEA35FBD320C2DCF2E80463CEC35148047802ABCC1834AB32E0299183B74AD8D5A909D12CC6100D8596
                                        Malicious:false
                                        Preview: .....6..V....&...|/.......c./7ici.;...2.F..l'.VZ.EKy ...i...(..B*"bZk.Y.\..e......c...w'..'.=4.3.:6b.kKs....b.bD...'.{....|X...(t.............MPexh.Z.&...ll...@...9g.3O4...... .d..*.b.:......Z...G0.%....(.9.C.U..w-.q.9-Z..n....!..R..$iiM@..]N.F..jq%WGZ.....N..u......7.u...g...*.C.e;.=...P.....cQ..po.Ky... .....O...s....z#...H..BO(...uym.d.-`.Kio.../.9M&..v.z./.:..?..E...y.O..G0.r[...DO.|.....9&Aq2..t....I.Q`j....<.w\oy...$^!.Q.eK..}._...b..Hm.|_A.t.....;.10<.-...[.....>..b/ .9............$.........x..u!..!_.8...9.!o}pxU>G..~.V.......y..C.gx.{h...g.I.D.l..."..u6. g...` &...b[.J.Q.s}.t....;..w..|....%}@..4._V...[2q..;@.....p..A.^.........k..v...M.."...u6|...dT.s.....b(C..ug....)..F...^$.x.E.......:.L..$9.[..X..>..*.5<."......[WZ.[..~0..S.9..:*..7W.-I.O.]7_......^_k.R.G....4.......kL..y...\.A...#.TY..6u<...\.....uV...T1...0;..|W..{...2F.L..t0~8..m(..2.. ...Y.G@....^.#.._.U..$...ZfON.SYiu.y.p....L.|.....<.a.PUO.]....)k...z.U.(.w..._F..D_7...7v.
                                        C:\Program Files (x86)\Microsoft Office\Office16\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Microsoft Office\Office16\wordEtw.man
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):636237
                                        Entropy (8bit):7.999728869740508
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:13EE475C0FED8EA2C1EC781D9BF00EDF
                                        SHA1:1D78330E2EF2B3BB49480BE1F3ED71CD2298C25E
                                        SHA-256:BB9B75530C49A3F487273FA02A72DC35A4B04659D96F3F0422DD068F021434F7
                                        SHA-512:204DB3C9536D3C8ED66AC73C4500BC37D243AEC8EA8BD363C6C41C917D356C1971B5E574FF84D226162F1ACBB2758859B47C4D4D15AC8AC287AAD603E4EACFF3
                                        Malicious:true
                                        Preview: ....e..Y.?.u.>.+_.R-Si.d...M... .J..r!....Fc..SL....v..3sq....F...D....i.S>...-...t........T..z.2, ......:5$..&......f...$.k.[D..y.M....N.u...Z]......bPB...Bn.i.@...:Vz............c?......H._..<...},..wp.9.{.6~<.]..hS....ba.1....K./.8cQ:...u...b...<P...m...0......>o&....J.......Wr$.tr.`..u.5t..K...>..}..N..;.i..*.#I8i.3.b.,......S.O.HQ!.}....r...t.o.`$....T.\...q..9.6.(.xg...Ud..}9.....M..4i.`.B..3.+....Nj.(..Ec.....9&.............qez._.N..D....k0...|is..NB....].T......r.M.{....Q............$.7.........p0..t.....1='........!...P;M.F..p.6j(P'CG.T....;..,....pR.i.)......oF^..<P`...H.J-.\.-.s..a..G36$.".!.*^[.FC.7...c/1-K.:.\YH6F...Z.).M.R....+....3.n.).. ...)..$.....?3.......%.6.Y.....E..Z.4..jt..K.K.[...QAh...Z.@.S;~.....Y.p...Q...B...%..8U.:M,..].l.2.C..).?@..V.g...o._!@pS.][.e@.^.....z/.........-...........b.j ....b...|.I..%......cv9...O!....).D..OoYC..o.9.1lA...)...f...B..=..f.gC...'U...7......$>.K.59_.gM...b..yD\o.{.....=.....+G
                                        C:\Program Files (x86)\Microsoft Office\Stationery\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Microsoft Office\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Microsoft SQL Server\110\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Microsoft SQL Server\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Microsoft.NET\ADOMD.NET\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Microsoft.NET\RedistList\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Microsoft.NET\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Mozilla Firefox\plugins\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Mozilla Firefox\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Reference Assemblies\Microsoft\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\Reference Assemblies\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:SysEx File -
                                        Category:dropped
                                        Size (bytes):708
                                        Entropy (8bit):7.6690772894300965
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2D133AF37DC41B01A51A597A0C450256
                                        SHA1:A700CDAA145E51A4F9DBA6A5559B02C8F33379F6
                                        SHA-256:18C6FDA033E4EBCAFB3B46C2D36CEF117915F43FEF9E31BF61CC5F501DFEE20C
                                        SHA-512:FF22938E900EF809310FDBF3DD8BDEF1F4F13652CB806E018B616296C74959630163DBD66E88C403EFF8F821A39862A93BAB45E3D9BFF2FB583455CF978A596F
                                        Malicious:false
                                        Preview: ..p`....x.\...~..x%..;.....w../...v........)r.xg....Y.Y.&...1."......q....!...C......Y..k5c.L....,2.....6H..h..5...._Lt.;O...vqg..I$Xhb..4.jm@...)E...DX.r%o....b.I.9.`.u..r..V/A.j.....n..I...B...0.._t.6...)..%.....x.....H..-...%...R&63.b2..U.K.....6or\.D...vhV...>.o.q.-.C.......r..VI....#...."...i}..8.aw....).".a.*......+.....R.jU].....^.l.H.w.t..#k.....5..|..:'H.|. !...O.r..d..;S]_b.;.....KT........(C..5.E..i..>.Q....Q.B]>......a.....n{......[p.M*.,..w.A......D-?...'.+./..w.w..1............$..........&.......Z..'........k.V.1.....%rC'@.Bj.....ox ..&..iW...*.C.T..:..`x.a).QDGmE>.....V..M...zf..kT..n9Sq..c..B.......aH.Y.y..S..$...Q.h.....f.>15..l.1X..E.=...f3...).B.
                                        C:\Program Files (x86)\jDownloader\config\database.script
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:PGP\011Secret Sub-key -
                                        Category:dropped
                                        Size (bytes):784
                                        Entropy (8bit):7.67116795703339
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:95433185C269FDE2B24B189F0A68183D
                                        SHA1:89CB19DB036B66FEC4989721CE1DB9DCF04679D2
                                        SHA-256:FAD2F6A66796AF198D67D296CA648A9FF32A454EBFE127967D03A96FC647D152
                                        SHA-512:C6BB8DD4E3B22EC18DC8C37C164D0ED557A71C3241608372C20740EF94FDFABA1CF0E0E31A2D5D15D05E6C45B510C1567B1659F332131AEF4C6D26C94387A359
                                        Malicious:false
                                        Preview: .......M......4.Ke.<j;....<../...q.e.\c.....o........e%a52.Om6.2.. M..-...@.....-r"..@.....L.8..v...H..S...`B..e......$^I.lx+5>I...F....e... .....5m..6Vs..m.<)K...U{P!.(...1...%...)V....M.).a...>...._.8..]..lZR.zE.}..l...+.Ad..I'mt..G.xb!.K.*....i...'s0.3...c...x.#G.}..S._.......~....;..8'r.}...q....+'..Q.].[...6....6....t.~.ueK.PN.o....>...n.:A....._.o%..~.....O1..H.b..q."....0x.AfN.S..kX.<..U.9z..!.....B?W`......Z...2.t.d.....;.;.....~..r%.7.|....].aPm.$.q;e&O........~w..>.5)............$............p.][y......6..8..2.e"...>.Ne.. .}...X.....]..j0>.en.i.D.8..4....1;..^.f5G..1yl.`Z'.<..RE.0:...].z.......BXP..O.Z.N...J............5h4D(......OZ;;.B..........2IK.......jHa.xk..n.$/.....&..#6.e.......a h....d.3...6.j.vy...;Z]k.G...7a
                                        C:\Program Files (x86)\jDownloader\config\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\jDownloader\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files (x86)\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\Common Files\Services\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\Common Files\microsoft shared\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\Common Files\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\Common Files\system\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\Google\Chrome\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\Google\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\MSBuild\Microsoft\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\MSBuild\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\Microsoft Office\Office16\Custom.propdesc
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1877
                                        Entropy (8bit):7.891153123778134
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:183941F54696D0B39A34F63EA8B78D64
                                        SHA1:644C9F312FD8F78739BCD742BD2DF1FF0FF97BCE
                                        SHA-256:8F3018A1F0CCC5895932782B9DD17B1750EF8ADC0EF8C274E197D85B50D7D8EA
                                        SHA-512:6A3E411F3CB1FC90B5DF2C2473CD8A519E0B407FA5247B8E067039AF9157C229B21FB41A5B2C608DC13C25471D60898C1311EBC148E62E87EFA1CF93A6EFA42C
                                        Malicious:false
                                        Preview: .B.'.'..[..+.v...n...;...N...(".j...~.nV.....z.. A..H.sE..O..\M.q...W..\./Qc....5.\........?.AD9....XU.{.!.....^.@[8UP..+..,hT<!...OZ.O.....(g.X.M~zy....w0{.=u\j.......d0y.M.Ewg..h.u......y.z....U ..S8;|_X.[...J'4...k$.(....v%......H.7..{..*....H....wn.sA..H!.u:^9rVK(.!......`.>Kt.;".. ...Qq%...}k..)....9.....7....3..Bd.1..D.../qF..2........#Z..uo(zm".0>.........(m.n....p...../..3=qY.G....kjC./..S.7C@J..........o.h5....Q{.f<\'r.Y"r<'.S.6..0..tgiS.E<...S.>....I[`........^. T..P..P.q.............$.?........e?......f...+.T.@..~..CU....e...wq.F&9..A..":.p...oX......s..1..qJa....7..&jP...Z..?.".[...G.:-.f<T..IL...0v...dP..Ls.n..o..\..cA.z.....d...Q..0.......w...`....U(r.}$....S....z.h..2p..Uvu......!.............H...A;.@......Z.~c/Me...Dw.i.x...G.%{].....4q.I.W)7....)...9."5~.B.M....j.<K3a.*rS..+.L.;9.q..Qa..P.5M.J.F3.(\00/0.....<..u9.b...k.}...bd.#k..1ZdR.3}...#3...i...?..b.1.67 .\..9`.o......N9O.I.$.Y}..S....L3....)._R/......L.....<..ms mrv.+.=.*.
                                        C:\Program Files\Microsoft Office\Office16\Mso Example Setup File A.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):612
                                        Entropy (8bit):7.601409483453091
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5A87D562BDA0DF2287CB5AE74A3BF4FA
                                        SHA1:3BA132F3E9EE640F3D8BBFE7E7D253D054D64CD3
                                        SHA-256:EC4B9E6DDD02B91C138FA3735E345A5C503B20CFE5BF157EA53988002360F608
                                        SHA-512:117C8EB51A40007F52BFF6D0E4BAFD3D5774FEE176875E54E155C24AFB1D2397AC20B306F0BA1293F0FC31DFACE58D19448821B97AFF7978790D4D5649C5E351
                                        Malicious:false
                                        Preview: ..f.....>.5q...H......$`BE_....c.%.q...l.....t.C..........(.V^!...?.._...\...b.....S....75....O/.....vY...Db9Q#..E...4."..!Ah.....Bb.?.]..;.,.|...)....`S..i.......x.y...x_S....U..j..}.8...N.~...".*b...?~f?..FrFzg.).{`.']wrM..4.q..............y..].T...b...z..(.^....kw.x.......*f.l.fB....FI...I#!m.QL. .-.....h..$t]..'.......)...BC....i..P....uhu3....-R.~FH....6........D\2+ A+=.^..zD.k.X6WA..3...E7....u.#Q....!<5u.L.).^.2..%..k.'...TX..Rv.....wu...u}H..8R.@.i..0.U.k...bA....$...M4..g.t!Y.c..............$.N.......,...l+.<.q...N....;......c..,`7..d.p...U....&a.@g.{...3..$R...i...@B..F.R..
                                        C:\Program Files\Microsoft Office\Office16\VisioCustom.propdesc
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1690
                                        Entropy (8bit):7.890425281694523
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7FB2A06E5B6384204D1FD0D1CB4B8BF1
                                        SHA1:638A5CB17D56A53B3960A3E921249CEA217C1577
                                        SHA-256:0F1B5044D9FD7D24633584357CB4C45D4CF9D8CD7AB0ED300038B1C275EFD5A0
                                        SHA-512:7432DB308ADA227910C51BA63478D5E02F6F8A6490B630E646EFDA207F6855B2D1F503BE19F639BEF06D295AE11EA311BB7EA0666A04A8BA8CCCF6297AACE3A4
                                        Malicious:false
                                        Preview: &5T.,.{d|..B..F-7...L~Q...h....~..@.n~.P}.8an.*....(O.JW67...cN..f...X.....i=P..t..}....U.f...^..Y._....9....+.n..?R..x3..m.iG..K.t.#.......~..S.../.d..A..G.$..M..2i. ..,m..../\.`.R...-.@i[..Z..t.Y=...Z....}..C|.<.....P..%:O......]...kE..l./..HJ.........E.\.Y...[[.6I.9.F..|KFX.*G..0..+........"l.G...Z%.l..2.;...AT......(.....Z.w.|.v........!...3..P0...j.j...,.......C.CN0}...2....>MMK..j3"..`...D.0Eo^..=K...M...Z5.,...D.w.U)....hI|g....r..H.F...r6...!c..Q. .W.}.r`...i.~1/.$0K..............$............=..I./x3..R.......z.............1..Y.3..Gs. ..........[..E..?.'Aq...#.{Y...0_..AJz..3..d...&..>a7."..W.".4......j.......'!Gx.L.].X5a...Ri;....q...e.......Q..c............C...C......a..P.&Yf.C.&.>.....[.utu=.....*`...."q.*_?@....q!8.F...50..@..]T..D,...w..9.Y.....=..U%..d...C.N.#V$.....{J...4.u.n...6S...d...v.I....ueJ..,...W.c..3/.e..l...86...;.hT........?.BG.+e....$F..E}..[2..x.._.<.:..\....U.....y..F.oR...|e7{......C..N v....5au.5
                                        C:\Program Files\Microsoft Office\Office16\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\Microsoft Office\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\Reference Assemblies\Microsoft\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\Reference Assemblies\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\UNP\Logs\UpdateNotificationPipeline.001.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):131606
                                        Entropy (8bit):7.998709666388542
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:18B92D263CF55101AC015AA2AB539FDF
                                        SHA1:7DFCA193E50E759EFE3D94163B1E81DCD8271710
                                        SHA-256:547F73E6307F4736A26563C9255D64C7BE567BC17BC1DBA0FAE8A8FEDD6D6B18
                                        SHA-512:3A07EE9A7870F857D6470CC4EB5049B062C6C8C91B62EF5D0C08A5FC314EF8BA0D925ED83EABD975908906CB45DFC5EE8A7A0A882E229498626F4B6A1D2D59AF
                                        Malicious:true
                                        Preview: H ..U\...?..).X....eM....d..FW....h\...[)..... ..8.Zx($.s$...P.'L.o.....A1.7"]|-.w....t.....xE2A\..`*,.}....y...PmC.JS..Sj.De......z...L..BMl_..~F.A(4Z../.+....b.VB..>....P.Kzz.}...N.W....6J..;.B._.L>..m_..... #S....o...%..<..=..."....4.)|.......D=..@...D2..."T......4.....YT..a....o.|....4T.....~br.......1..........s2./.iK..&.<{z..7....B..".9.*}X...[%.<+.C......z0...Cy.z..../y.W)=s..Hw?.A.5..g..d.:.w...A..a....u.Q...)`....4...kC..O......%.xy...>.M...,T.u}b.6...Q..'...1'K.......T............$..........'!...F..".......cJ.yt.^ ...~..-.8[...S...$..n4..i....y.s.8.....H...}MO............7..Z."Y..RQ.t...j.A..<O...H...2.......To..k.H*.....L..&(.u...6..@.*2.T~...>=...H...r.F.+......n...=ag....gN..1.R.<3.....$...5....?~..mA..G6....*..C8X...p..7...).M.....z{...c..{.MR.....>..V^.`\...qg{...5...K.j..k. ....s}..u_..[..a..... .........{......."......me*..1.."...{.:;......z1....]..E..!.....7_.....)f...i.s6.........s].IAp..T/.%.C.1......AP...;
                                        C:\Program Files\UNP\Logs\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\UNP\UpdateNotificationMgr\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\UNP\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\Uninstall Information\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):708
                                        Entropy (8bit):7.626194897068784
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7A39516408B078349F731D90246CEDF3
                                        SHA1:E2A9DBAAED1203BDB5B8A5EA91C324428DCA945D
                                        SHA-256:2AACD10455D0246004F95C843633F470E1273FCD9E79D36985B289C026B9D05B
                                        SHA-512:00E476D506222D45EB72CD9F6D7C797EA2E6A5B62FD1B6BD84AA7C180C35E8D47BC21164671C3451BEC18E3182E74C0D587292AC1A0F2F01D6C636258CC479B1
                                        Malicious:false
                                        Preview: .......P+.G.F..e.zw..0CA...k...!B.\.u-.15]a..W..p0i@...@.w.)... l).]..2.l!...%D.h.L..8.|.laU@.`..uFIR.w.......U....JeiV.F.$..-a'q.3.<s ...6Tt.)....q..l.4.....JQx".g1..7.s..._t....B..P....[c...V..'../G[.......A.joUCz.Ig.#.U..`..`l..@jw....DH.'|...3..3..R.....e..=.......L.....o.A."9lD.....Y.T..........}k...TTh5..wAm..*}..(..p>....3..>.......G5..@j......g@..0.L........;o..J`...8.t`..*.6mG..X......-........7G.Y......:-..7.U&...?./3.fM...T..g?.<....*X.....,A..\.+..}...l*v?:.*.E.0.h.................$...............z.'{..\VWj9......W..gqE.....*U...<..'..a2.Q...wXE.n..x..;.....~..:M.0*-..#....g'..p...cK"jB$...6e.j^.......Z;T2!.....N,..U...G..Ifp..E.=+..D....x.91D...z..$....
                                        C:\Program Files\internet explorer\SIGNUP\install.ins
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):986
                                        Entropy (8bit):7.790674884467063
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:30283A8F5AE07876FF41FCE440B26A83
                                        SHA1:9681204C1363027C49641AD5CFBB51D2DC5FDD71
                                        SHA-256:00D05416016CE272F17B06431BA481E831682EE9076A4D966E2EE2ACEFFD0CCB
                                        SHA-512:0FC627D07011A024F405C034E00AB227427312EFB64B8C2F8DD47123F410FF50880F0C51F8393DB38361C9F2780FD828A56235D3C7AFBC85925BED0FF2F8F560
                                        Malicious:false
                                        Preview: ?.w*..Y%.Lb...~R.j..@93D^a..+..)O.70...`...t.."+....._..=..B..=|d^.....{o.4.H..g.)..z.IT.'...S}.m..R.1... ..dW.f....f%;...].h.......]...u.a.....7..... ./9.8.1....m.=E...q..=...7...|......d...._v.Wj.k..xwl......]w...S..a.Y,.7oa.C..,.f2..u.../..Z...E.?.c..>\.....&P6......w..X....s.../.&.O60.P......OIX..3.?.......k..7.....q.]: .m.K.Y.i...lK.."..N.G....y8D.=ub...B.YK.yU.v..li.1m'o&..BU{bc..*k3%...F..s..\.h(W...Q%.f}.....4.....q...H....n1.o..t.f.w..I".3X|.W...:.h....B9.6........cS..,..............$.........'...~9..\..... |..p..y.r....F..S.........W.x..l..{-..d..KO..[.!_ (..,...wW..v.....#./|..4..C .00?........'.gT;>f.6#.<.|...P.u.P..[.L....O..X.s..f'...<'H...*.Z.\.p.._.....X..a..O4zV.#.#..`....8.Q.;...<.....n,... ...x._N.......\.........5..V.....6#...sU.......x..;yJ.=.....DsdS.(.+.$x.A.V3...d.y.".H...h+A)30..B...lL.2/2.......h.m...Oe.....^...W...u%o=....ko...%...w+.0....E.di..h.?.'.:t....t.Wd".....\.j.{..d.......K....f.@....A..C.b
                                        C:\Program Files\internet explorer\SIGNUP\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\internet explorer\en-US\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\internet explorer\images\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\internet explorer\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Program Files\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Adobe\ARM\ArmReport.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1400
                                        Entropy (8bit):7.8507499048237195
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3D89ABD459985E139F416C9738764556
                                        SHA1:9FF395F36E3925D9E0D7D0E312EA820D20786F09
                                        SHA-256:B4E6CBA9B83CE1F6E82CD5CE048125236583CA28653F42243F66FFA2FD116600
                                        SHA-512:DD8251FD6A0D325F615BF818F786B40101B4866DCC7E46E8EC099905A677C3C0D990736A1261AFC4B68AE40192250BEA5C6BB3FD42E9D3891A28947E795246E4
                                        Malicious:false
                                        Preview: .......w[CHz....z..(.Y(..*....k.D..c...u..k..NS9.?.....V..6.<.*..^...O(.3w`1.T....P..|.wV....*.^.YW...&..VYfl...c......V..b#..%.W..&..0...Ut..?..~l.F....z3wp..U.,}....r.e.jm'd....[rC...fE..A.\......G..f..T.<.....f..G...W8....Q..._V.t..:..VQ'.z.I.$.}.BH...T.t.B^...mJ^N......d.... ......).K.....d..IC...-.^U.w..L.\..no.A;w.~...m2E+.QW..7.$.Aj....8..r,xAEm./.Q_...w...:.....9.. .L...WM...]....+..4...n..........z...Ke.W..b.zZ..3.R...,......w >.y}..^S7d......M.Zl..x!...V..oQ.....O.......#.............$.b.......<.J..:+....n.*.1*....G.......).6.t.d.....<.>..'......m...N...^.zY..vc.67..W+...#.x....3...c..[+./.wq....F7#......a.k......v..t@"3o/Y...P..[.4....1L..V.w.Ra....l........x...R...D.|=,c.-..m..BPM..M......m.._....V.....)...JU..c....!..R..x..BG...lc..p.9......WV./.....SU.kN.......v...8(....Wg.O.F.fB.e..~...@'I!.9....._.i.......;.!....g....t...\.$9....>..2....G0.p.5(...a.A`.}.......C=>...E.I6_...G.X.....n.6.j-..s.j.6.vO...Y.U)P...D...&....
                                        C:\ProgramData\Adobe\ARM\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Adobe\Setup\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Adobe\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft Help\MS.DATABASECOMPARE.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):952
                                        Entropy (8bit):7.765137043152891
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:088817BDDD95E8D4725F4E621D6EC3E0
                                        SHA1:C5F3ED586D51DA96EFA33085A83E6D0663E28E7A
                                        SHA-256:EDFAF6539E3664EF4B8DDEC24638D4DFA9C332B284B359A6F5D7350C38F42D15
                                        SHA-512:3BAAE691B051CE78B0BDA4A1C8B9DFD15362E67B21535F0870933D618AB0FC7EBADCC8AC4AE1EEEB4D2652CF5F79B65E9FD17B9861D3197034F0D15E4E4AA6B7
                                        Malicious:false
                                        Preview: ...b..5u.r...|7F....,.x.d4=LD.vC.^....'.L.>^.%..uk.iY...+YH..p^mW4*.9...qC6.T7d.....e.Y@....J6':.....= .ba.8....t.+...!..Y.?..Ja.F+.J..M../.h"&oq.9;..eW.Ds1.[u9...rN..j.>._a.!p..2#l...ag...k.X...$.xFBO...O`...NBQN..L+..x.F\=).f.F.n|N.!F..f..o...B?.7,kJ...^G..W.#[].wT.D.W..f...\...s...........=.^..H..F\.7tZY.q...j...x.B>..}M.6...s....U._.w.(....3.....B././.....1g.>G.'.xO^{..nn......:...C{...lHg..>Uo...M.........mt...=.0..).\..}.Bc..&.*].s.m..>..%S^...A...51..m.pi...&[..-....UfP....M.....p..z............$.........I.l.}.N.. SL..FO..0r..$kH..zi.....N..AAM....9:Z.f...Jy..L$..8[<.`.ds......o.A....ze.o.....EA~8+s..}......\...z..k~V....f/..aK..U...8}...N&.Y.Q+T.8....v....ij1..'|".;C.@H..... Y.uO.u9.y.4...a..@..T.yEb...+...t3hyU0......ma .s.q..MNc.;.b..(. 4.G....x...S.=g.U.....~."....l..qL..)....\..<m...?.Q..G}.... @%.M.m...1a.W.........D...#...).c.6...8&...1..ON....Jd7..0HE.?9X..cn?.7....<....A\.).......'A.i.........
                                        C:\ProgramData\Microsoft Help\MS.EXCEL.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):884
                                        Entropy (8bit):7.737166272176541
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F94568FD663625023F9BCD1C14F2E11E
                                        SHA1:7F8F065397C22926C2E847ABB3B9D3D12734D663
                                        SHA-256:BDD3027A4B7ADF772B3F86AA61B271120B70E75A45C574B7EE858596FB17D3FB
                                        SHA-512:63128402872B38A7951DE421F2DBF84BC3AEBE64485E2F10B7CB280C6002328B1DA5DF7AC77CEC6156997D48ACB1895EFDEAA1886E6DD26BFE021C9ABAA38DB1
                                        Malicious:false
                                        Preview: .L9c...^...a~.#...f...k.x..z../Z.Lc._#.P..w.BY...UO....F9..c/.Fy..:..|....'..ZL..I.(,..E.rk*.Ck..8<..vdC.w-."..*<.2...8...Z4............h.:.f.c.....X...~.....GZuT.U.....2.....V....w..._U.-_*..............o...y6.].....z.DB9....#.:p..hZ.:i....gRO..I.K;A..uJ[vl...}D.y..I./.|.P!.gw.[.X.4.5n..g.....B......2......{"_pu.jqB .z..T.l..&....*...f.R...B?.!..Z..$y...e..c..a.!".%"%.<...pa..*.....z..6.YG.|....L.[.....*.S[ .~....Oc.r..Tr....d>@...5.F.BaT.jm;.1H1L....y...S7y...u..P..$Fs9W $3..pY...............$.^.........D..... p..1..]'Gj.Q.5.YP}...h.A.!...g.02....f.qP..{*...PD...".+..vzZ.....e......J.C..&.@.......c$...v{.....@...H....x.....N1....J32.. .......a....7S.c.x...U../<..4.-.I.....%...~.S...)4....){..9....&,...k<..U...)...O.B\....G[..0;...l..9x."..-N...zP0.u..Rw#Q5.q.3..........8..........W.@I...[.Z*h6...a`.>.{3.z...=a..?...F...&..
                                        C:\ProgramData\Microsoft Help\MS.GRAPH.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):884
                                        Entropy (8bit):7.675631272806242
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:075F2874A9E4EC58B45BB8C72464DA17
                                        SHA1:A286B7678C88434C8F6F8860A97B501CEAAD348F
                                        SHA-256:80B02E678C2EE6AC5F2B9C2969AFF23A294FAF17FC766EC25E5DDC5DA2E42658
                                        SHA-512:6F33B1E5118A78E0040B34F96800E46C06879B753573D47B74A758753A294BA958AB71F55917BECC81F1E22D6818E120EBD9EF33871C3AD8D98C0D3E524A9AC7
                                        Malicious:false
                                        Preview: ....^.;..)3..hj....D..(\.......p.e.5ln....i.i.I.5o....%C........W..d..+.H%]..z.....6G..#.p@.-O.l..Uv.[#...i..8.....v..F.z.%.#.z[..3.`..*..Y{.........]I9...Q..:.BR....[..D........b...W.*r.-.}T.%.?.u.Q8+r3.2...%\..17......w?..U..{.9.i....W..*......%.6.>.xn.?|6.?....on.g..^..u....e..4bh..W.|..x.MJC'....a.8.$j..GKb....~@...u..C.H..5l.?/...kj.J.+.IK6... 3J.Al.x+1o3Oy.^{qj..$\$...`..D..r4aJ..i....ge.@...-.~>d...I..n<:bC....9.........=........s..v!ST....s...>:_9.V..u.mvD?....N..`.k............$.^.......N../........o.z^p.>....+.79...b...zak.....Z.r.......Q...,..g.....@....&.....P..[N..\...T.F..,.b.V...T?...7g.S3..^..'rkSB!|V..d.'.+...o..&....+f:..=Hk..;..!.|.w...G.:......_QC..6.zT.UNK..&[......f.s.,.4.o".+i.<...$. 2..x.Q.F.Y...5X?:S........g. .ke...;...[2d.I-....FH..:.8Ezs..~.I94?......~3.....1kb....T.r..)..x..M....+P.JKDr..V.
                                        C:\ProgramData\Microsoft Help\MS.GROOVE.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):890
                                        Entropy (8bit):7.694306935130213
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D3A93324CC9855B0AD571D14D030C571
                                        SHA1:8214C2C4BCAD41DAE3A0BF58788724D2BF4C0993
                                        SHA-256:F2619F80F29809BC63AABA3B618E0613FBECBDE704F98258DA17EB1E94AE058A
                                        SHA-512:B0294F87DFE1EEBACDC11BE6153631F22D1AD3B068DAD748D2CFE92FA5FCC17958FA6185CA4D451B4CFBFC548AE2D9392C7C7D2E35AF9468361284917102D0F0
                                        Malicious:false
                                        Preview: ....s.. ...'..urj..y.+NP.6 .WX.....j..b......L.*L.s...L..\....>.;.......x.).....;.:s...d.ed.y....T..J..h9....Mo..2.....*.".7.c........U.x...n..'........^.,.~.-..(d0MHa..T..h.8bSz5.L....lk..MTM.0.cX...}..Y.Q..".*......{d..c..Em<......Q%...S.P..U....Dl.G`.C..o.u..a.|F.o.....*c.../..........y....Xv{.H..B.ku{ZB....M.....u......w+R.O..N....X"..l.f^".h.n(cJ..I.vW.m.|........r.....@.!..h....a~.7..uP.>x.+.Q`..G..Z]-.!r..|.....=...a^...Wj....s..>.-....v.#....U....{...1...w......jqs................$.d........].U..s.]...g.-..b%.t..d'...I#. y.Z..ek..o.....e..G.Y..:.D._.=Ki 4Y.u..;..x.@i.G...z.xW....F....6_..8.x..J,...x.....b..L...{8..lc...............a..:......k..v.cY..G6#.s.z.l.j.........<..qt........yY.X.E."..h_.s.*_.h.t.tP.!D.'.8t.Qb..7+].d]...2I..B(........0Ce.0.........3.. .j.C...r.(....2....K.3..;.;.R.wb.OU...H....CI.a..>..T.Q"z@R..4
                                        C:\ProgramData\Microsoft Help\MS.LYNC.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):878
                                        Entropy (8bit):7.747663089878446
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C9134D41F63870DC6D23EB76D0580108
                                        SHA1:F93B6896287A90D458E19033F9889B077E544476
                                        SHA-256:C7D00C9BD2B9E221E3E5CE711F6FE9ADE4D3B1D1F4C6DC16D4F52AF41C35CAEB
                                        SHA-512:5627543FE87A97480A9C1A59CB0A5E08FE3F573941208C6C2619EFAE248C91CACA40F79E4E22B524D862508DE55B891AEB4E2F309C56752925BE82C4A74A3D2C
                                        Malicious:false
                                        Preview: .|M2%om$..C..p..87.SUR.....A.W....=..}.a.n2WL.S~....B.M.I:d{..R.>.;.+R...|...4-.F;f.cd..6...."....F\..Q.|A...B>[..U4.....",.PA,..u...Vq./..Fn.+.?...'..)....bZ.X..f...3....&..6...Zx_.N....0.. ..Q........P...&$r_![%`.x...D.....H.r...(3....0.]%....n....fr.].._..).`.&..1R....RO.]6a4..k...w.j...S....JKpt".P.....Y^.{b.w..s.8V.....&$O.(..O,O...%.... D....5..Y.F%..n..+2..v....-.Jb6Y..Z.8C.....9..s.E...p.u...#..=l.E...BQ../..P1,`Q....=0\..x.%.7..z!..po_.S..!.>?.U...$........m."X9.;Kg.,.H,....H.!............$.X.........B.]u....|...'...:~.....C.....D.k...q.../KV..;..^....alF.p.:.e..MQ.l....e.N7......B.......T@.t85_.Q...w..|.to..8q#&j.T1ok6.{2.....a.A....s|aa.....t..".......+...:.u.j1....i{e.V.J7.^..XE@.......K..+.;L.|..._..8..C.<.].d..Jc....84j...[...."d....z`ls.....|@........,....\..?g..).t..S.I.v).:....].....K.@....._."..p.TbCD3H......
                                        C:\ProgramData\Microsoft Help\MS.LYNC_BASIC.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):914
                                        Entropy (8bit):7.745292433061753
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3247255FDE4ABA9DDB96BDB7225CD041
                                        SHA1:BD6D482ED94CE3F4D043F81866D3A2EE6048A06B
                                        SHA-256:DF91CF816975197E249FBBE0166F23231366DE9FB2BA21890497900B6D92E2FE
                                        SHA-512:8C39D0DF32143BC7978022572E648C2C5CEBF479A9CABEAA0526B78DC54B40FDCDA9915F85F146A947C4DD88D9372CA371A04D7DE30F033E04F181A66D2CF164
                                        Malicious:false
                                        Preview: ....Kx..._.u=~R.j.K..q<.........Z.........y.....~....r...uS!.{#......O.....H.o..Jhq.as.*#.S...0........Z.A.....x,.qf.&D...I.A..R}.+0s..<b........E.%.\.`.....E..E.-d.R.....R..e......U..G.i.FIn.9.....u ..A..t...WMn.;..p{.!....i..V.`Q..)P..5..D.=.O.1..(........jdE..?x........./..r.4.......1...N....[.Z!t.n:B\...%cq...W........@<.....G...>....G..Y..8......|...P...O$lN.!.X..........?.C>l8..6r...N7....:...X>.}....6#`5.l...........+x.N..p^.....^@[.t.^....!.....]..?.....!..& 5.A....$.ZS5.............$.|.........^ ..@Z...).4YU.,du..+....\$o......c.....W../...K1..J.Y.1..V...q.I.bDj..85'CH.q.8.cM.+.........Q.*...R1.J.u"......K.G..*.c..$.qx.1..w..r.a..$t...]&.s.qU.Y......8{...O.8.......J.X.A..L......ECB..o.u........ ....2=.D;]....+.......j3J..W.G~...j.j..z[V...!.M..M....UR.."..n..a..G.T...<.....Ud.lK!q..y...G..~a.S@.....Xp....#)..-.Y....m.z&.j..^.c8.(......$.e.5.O..2...Y
                                        C:\ProgramData\Microsoft Help\MS.LYNC_ONLINE.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):920
                                        Entropy (8bit):7.728996582106572
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C9C49D8168D14C78539962A644FDCBED
                                        SHA1:E2BB8C0BDD22F6E681C1BBCA6EC9A1CC4798735C
                                        SHA-256:CCB9259FC23FA243EC3A73C542F11CE7C58C05D225D4CCA7E30DAE1BD56C1383
                                        SHA-512:5BFFBBEF4D9211B4C333112841D6C8EB5316EA9D4CFFF738FF42CBD9C7B8674A032BD79DD50950CC7A7423D4F638772EFA44FB759BDCC0441585E1DCABE46075
                                        Malicious:false
                                        Preview: .tu..8.c.i9....roK.elj.U/7?....4zn......m.8%.{.x........^.*M......H.=5..u....:4......{.u.N.G,..O...........q".s@.I.5.K6..s[.K.Z.....1\=......)3.....A..n.2d..l..t....0....sCb...Q...i....3.....{..*IB.?X2-g.M........*...t.hM......^..........q.C<.2ox]H4..P........**.....y...L....y..........$..x.....-...h.m2.X.e0.i.d1./.aD....F.....x..."...T.b..g."I..X.......\...>'.oCg.....br..W.5.(.skHC".C.... ._..r......9...P..f(.0.&@.W.k.Q.op...q.*........j.U. .p...xt....Mg.U.ns.^.'..#.............$..........6.C&p.-G.).%.%..) .\#....:{m....OY9k...%.*.\..Pz./..c...y\4r_.G....}x+1.`.'B;.?...w.fi."..I..I.-....CE.&..8.Hx]....g....-..@|<....4G...d*.......yA...+...B.8.m".VR.r.B._.B.....H.u;5b.rvnW..Z..G...7..P.hY.=.|..H...Z.K".3........3....U.h.. .l..X.\fd.`=.I?..{.v.1..J=.I..W..x.A.h.$O&.....y?qfc9&....[..S.hv.p!m.QV.*.g..#.<...[NP..\..,.[c....q.....4{..=....,.uj.+A..
                                        C:\ProgramData\Microsoft Help\MS.MSACCESS.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):902
                                        Entropy (8bit):7.779248407321845
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:87267BA3C2D586F167221B6C6BBF957C
                                        SHA1:EF828000F13D679C158CB8F0129344E4E479893E
                                        SHA-256:A0D9E1C506BCBB8A274EA2DDC14134ED3B3DB0FB7219AD3E6C53F5FADFAAFEB6
                                        SHA-512:BCE266402AD3CD30143744B6B3743E2C3E64CBECF7F8101BDF7E5AA40AA18F464FC459128710DC771FA17394BF54ADB152FC7316A719EF7F4419808F39A2A707
                                        Malicious:false
                                        Preview: ...xHZ....<...,...d..\D..5....q....I.-^......?/..;F....b.8.L.zA%n..>........`...2....&..pU.{[.4+...../..8..`...uex....Q...N.C#]...p.8^QV..8..}Qc...<9j......W..G......g..w...'...\=E.XQJ%..B..!.......XH.p.........G4..'...&.^.\OB.....*.R.....ZU..x..9...sVl.e{8.{g.........}.w|.P...`e...G)lM0.....HmF..K+1qX/m..*...H....... K..H.S.@.~.;.bU...j.O......?....!...T.y....@..h?.}.+..rw..e..o......y..^.W....5i.....SbyY.2Q..y...x.*.+...r.B!...@.G.....S-33......6.V.......l.-..Y....!*..;@V.$............$.p.......Z 3.d..M..GCU.......PT... >.$..3....5...F...-n..rj....]...m+e9.r:4...<.{..7.k...|..,.p7)X.X.O.,.e..'..l...`..g..r...:.|...I...E..a..=..t...D/;.sq...V.F(@....x....sG.L......_..H(_....rI&cZ.:.<...}....<...K*...<.'.2..('.^Q..0i..Tz_~.uL......._DIAP.I.h....>v...i.a."/...A.PA2...V.{.T......6v/.n.h.+.QWem.B.f.F..r~...qt.....Y.Ui......0JWR!.?...~~>..5..w.'
                                        C:\ProgramData\Microsoft Help\MS.MSOUC.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):884
                                        Entropy (8bit):7.7451612165829635
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A30E509EC1162EFFA3D6915436FEAC5A
                                        SHA1:02E7C77DC003787D3E1985E93A6031DEE2C1513E
                                        SHA-256:00D23B30C61DB368E2FF203630BBCC8EC612D82C61A8C3918C4887928632A29D
                                        SHA-512:BAB2EF4EEEAA577E94571AFC9F8D0CBED7213ABF141A2859807E480D7EAEEF3099005DAE428420B486FD7A2A62C5D9EE77CCB47C1517A9EE6D47AE2471C28DDA
                                        Malicious:false
                                        Preview: q.K.VYK..*.g".x+TT.I.N....*.d...C...>).e...c..q.B..\Tq..^.D3...}<.J..c...q..i.E...5...+..E.V.h.L.(}m....BC..b...~6C....iZ.Uc.Q.....Q....2....~../h....".I....S.mC..T.7..L. u.[.mq.F..ir.....B.."..5...L...e.Ps.{(^Y.)....T...^.9w.A......Q.O/.....+`]-u0.N.k....ovX..>( .Hgc....H.|.d....x..@.9....?..q`.nLW.!X.x}Mit..R.Z......~....'H.....,.d.......m._/.oC....$H......4(.{`v.3N.V..ls...hQMs..&9t...u....}.....R...X^.K#....+..q..h.~...2I,..Am@.f..?..jD./x....z..H.|.........'4..&..< ..>...L.E...............$.^..........by..)....c......@.z.4L.C.....].>?.h..i^..0..P...}OH..?.p.l..1.f...w....[!zO.oN!.>r...........A...0}..Kx......7..mB..)4...z...y... ..=2.^;=)...=P8z..............@,q.E..{.(SD/4.=....a.....8....m. ..&..?5>. .}.....D...d.J.U......x2Dh.E......"fn.X....9..?4.....r....Gi.']+......r.......v).O...zs..F+.sLS..!h..i.........o.....?A...+...[
                                        C:\ProgramData\Microsoft Help\MS.MSPUB.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):884
                                        Entropy (8bit):7.769426551639112
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F6109768E996771D4B4A969974758483
                                        SHA1:F51C7888E56691476F29120114A9A02EC505B72A
                                        SHA-256:4310D1C8205EF0D9AB8BF7C90A76663DA47CCACDAAEDEA74269EA9710168BD10
                                        SHA-512:B6615BA493DE7AA825E0A3DB7E122834EDFC11EE7C7AC4720B390B32A889B8E9E230312AD2EE253FAD7393D58ED254F65D5A78CBCBFBDA49D87C03646286AF22
                                        Malicious:false
                                        Preview: B.fi..Q.uty.^..r.....3...k.t.r...-u.!....(-...f...)f..N.j.O.h...n...W..Y....d..M........5..mV......-.1...f.m.....`};.v/...J.H.c...&#Z.{..jE.Na8.Y....N2*...Er.jh.\..i.4\..z$#..8...1}m]#.so...JYwR..>..#.....F......1...........|_....&...!.m.V..-.3.h.........w....nnA.i.....U.Q..!/..Sa.......~.....u.]...i.N......f.....>[.e..[.LT.+..E..6O.......39.....}.^.,_........}^.G.._......Z..X<..*E..B..8.z5w....... d.{AP.V.......I.@i1...3..3).vPf..0a.(_A...;Rr9.U;wm...9..!B8.M...%;.S....tN..'.@=q.............$.^.........)..sS_.7/....(..{2..c.l..-.0...Y.X....).."..g.n.n.sA<i...jtNd...D|%...WS.i..v.t.^%.$.~........)...$>.._..]....$.O...4]B......2)(".E...xN).W.yTj...o|....B.f........x-C..s./"....KF.n.......b..?.T.X.4`y..G.b.O..6........~D....I,........M.1.C.y..A.;'.m.*.`...:...b.^|i...jP.B.......kgK....,...9k%`..3.....0....;.A*.R.N).....<.I. ....
                                        C:\ProgramData\Microsoft Help\MS.ONENOTE.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):896
                                        Entropy (8bit):7.755891805311322
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5A883EC1AE2D7406ECD092CACAD5CF79
                                        SHA1:22C9625C143DB7BF2A0AF80B7CDE208262C2C5CB
                                        SHA-256:E730F9F0E2C20C1DC55B62F7E2C886CB805203344400E3BB9381483060B72459
                                        SHA-512:3C2B94F1BAA7D155FE3CBF8133C8ED60B89FA6B805DE2B5FFE042F340EF1C94A3C09097773F4B5BB4E1ED7564F242DAF27AF963C3B6357F69BB3C2E94E520B28
                                        Malicious:false
                                        Preview: ..Xv...\.c;aD.'....,_@...J.A.\*.a..I..r.."....J.1O;,.."....5N..:...x.l..r..?.[.........Y'z.......W I....A.+.p..../#)t{.y...b..-.)....p...Q..ynMz..|..^.`.C..=.'d....L+..4.QC9.^c~..ph.sjT.....'...Bf.4..".......m....&....i..:..Z.f...E.8<......Rtx.]..b..i,......w..])9..*R......,..H..uh3.Te...v..........g.\I....IQe..h.X/..S.|h.........k7.k.zZ...[...]..J.~.......\..XW&+.4.g...-.....>VUK.u.U..|i.:..2.#55.".R...+.C.$.^..k.._&.kWD.l.....$y.nd...I....bEFy.......9y..=.....t...h:Y..H..T,...T..............$.j...........g.......tKX..4k../.....h....i..{.-1...jQR..Z4.w..|k.^I..vW....h.Y..E[....,6..8...5.y.6B...._.q6.f....'MkF.?.......Pw...y."...z...=.... .w.......z.N.w.!. .:.>.Fd$..)..7..g^t.T...>..#...}.i.`Fx...a....R>8.|....?`m.3...;.....Q.d.G-...zcS....qQ<..Cv?.........#x!.Q;.R....R.A.Ua.....@.<qP.d.(.t@..E...v.G...X.....NN.....qS\..R..G<....i....9.v
                                        C:\ProgramData\Microsoft Help\MS.OUTLOOK.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):896
                                        Entropy (8bit):7.734340232606765
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:DEE5D48D6749CED19357982FFDC13E59
                                        SHA1:5CAF8E49AF74C26453EC6FF41468E49583983D16
                                        SHA-256:D74FFF1B996CE56689E4E417A45B2578B63AE13A5145A2B8704A3E7E5BD67007
                                        SHA-512:51502A37500FBD8E531A85586DA94A6B680ECD922C063F0EE39957ECB728BE2926652D5FC966C96422B459CC055DB430F4F44348CD364480BD01F72B4129314D
                                        Malicious:false
                                        Preview: o.....m.zr...?_6...6.7C.'..+H.2.SdR.m..T.}.N&.....#...I......'...0...6.#.<.c.,!c.A......9V..p.zz.......K*m..T..4.Z.].`..'.oF{m..5.Z..4..scY~..'....x.o..}.Y....hH..t`.]m...W.p.._.:...F}...Zd_..;..'."..{....5..........C....>......|.......!.. ...0...62*..IG..qx.,u.]y..Qh....D.....=.......M*.u.wp/ .>.;.B..1<a5..vJ5.q~.{VX;q..=..9~jRhQ.B.j.D".n..6#.('..$.U...),. .....v..n.xP<.Ad7oW....{......W.....WnFn5Z&.(...U...O{#...fAf.E[.P.y.....Z.[...9fEE.%-...........4....-..,.q....&x.....X....................$.j........W..Qi.Q .>..=]....;7.]Tc._......$....wS.@H...'...*....B..+.\..].}..O/~..I!......-f..f3....i".m....m(... *....".4.wYVJjtNzy...F. .q.n...M.0.3l..j~..........N2.\.....F?R.J./:.[K.q.............,.LY..1<.9.....3.:..L....B..`...PI(.!.>.....q.Fm.d...F..._......<U...N.b...j......B..'.v.v...W.j .........*.S...e?..=....} 5./.(.>{..BgE...-."..7b.'.IQ
                                        C:\ProgramData\Microsoft Help\MS.POWERPNT.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:Clarion Developer (v2 and above) memo data
                                        Category:dropped
                                        Size (bytes):902
                                        Entropy (8bit):7.752412965688258
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:825F179D9CCD3BFB9D3F146FC8B28ECF
                                        SHA1:9ECF3566FB27D81333A92042E4C87D66BAE16047
                                        SHA-256:477F7AB551217862BE2B7E321BDEEB56B6082CD1934D8762E82D30B71D2ECC20
                                        SHA-512:4B71CFE2891D106E2B6959068A7D52C4B79C28F139296C1D2B92D5ABA3F8CA70D51A45935387FEDAB44BB43F4437200316E567389B44BE7D879586A56F5DC1CE
                                        Malicious:false
                                        Preview: M3.a........sC_..;...l..E....Q..?.h.g.l.c.....>-.0W.V.u..L...#.h....s...DT.j...v..o......A.&.?......@oq.....T...Y..Tp^...i..{.l..h......t..]Z.G.[....v...>Z..e..e.......xo......}.`..f.d.1....&m@....C.@.`:...".Z..F...6N.3.,t.u......*rT_....?gu........4...fT.[S..a7.#...a..y.....*5._..'.i....u..$^RD&.J....~......F...!.).......z_*........gE.......'....N.~.....|..e.S;=@.T.....qpz..;..3......jX.{.".................A...j.",....P....xl...0h......Z....~.7....'ve.wO....W...sA..t?............$.p.............u.O.:A.{....B..w.....`.....b.....|.=.<..i....4...j...]..".!...]).k...E...9..0.%+fl...%...G..b/Z..........sT...h..m..G.....P.L[.N..B..].u..........%.....:.~m.-.zb.....o8.,..|..E =H/k.X....#qE"Vur.....i.......-......e.M{...rqc.h.oN..+0.A...:.gX.s.Q..^ .....H........*...(..y.i..?S:.e....O.B.h........yw..I=..p.x.5.....s........?*i...(.....%......}
                                        C:\ProgramData\Microsoft Help\MS.SETLANG.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):896
                                        Entropy (8bit):7.720516043425646
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:49BDD30529F85EC82381CDBBA53004CC
                                        SHA1:E054A57FECA906510855F9668E4D245B66D5FD26
                                        SHA-256:8792E9BB19420CFA359A0EC80BDC1CDAE30C54CFBA3C2BE6654F421E6449F16C
                                        SHA-512:17E1FCF9479E2428BD6EC24BAD34EC431740B228951B934B258E33D799B4BF405B1F9C2F845844236D4B56F839B15AF5ACD4476E8D6FC0F31BB2A9A03C65F140
                                        Malicious:false
                                        Preview: .,B.?G}...s|.i].M.!f,.."...._C.2[...@..eN:..6..>S.M..X}..`..$....A..[.Y`_.+.adm.i....9)..eE..Z...Z.f..s)oj;....Y..g].t.9.....a.P)..Ai.....a.V..T...|x.Q.FA.I?W......<..=cDl1:.(<.+65..9..C.Mjo..H5....D. .C.x....p..s....,D1..r.W.........f..A.xb..a.1..G....[..?+..Uc?Q.:R......".}>,.8.....h.%.........y. ....8.3..2.....n..<...c.......U....[...L...E..FLy..P..a..}......K.W...L~..........i.\BS..."?j\........3.T.|O..n..Q.g.G.Q.N..QM.Z.[...A.8./..1)L.Y+n!..@_.L.L..@8........Vo1.'....}.....#..............$.j.........,...-.YV........P..........c.|.... ..drj.Yl.........L.m..mG....Di..\..*.{....C>v.d.X.f.....F....p.9....?..~.p:.d.......n........bY.f....+..jQ....;........5t.ge..ht-P.?..?v.Z.....~h..D ..._..e.2.3....2.G....(D-.cs.j......\.C..c0.......g(.4}?...CE...#\.{Hf.....=....|._...n..Zv..........O..<Z.|....I...=.<.C..[C/..g......w..U.O.7.(.1.4..
                                        C:\ProgramData\Microsoft Help\MS.SKYPEFB.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):896
                                        Entropy (8bit):7.771943422302608
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F79E8E238394C523FDBE0326F3BF0101
                                        SHA1:727C57A1E2994489953DF050330CF708E9CDCA3C
                                        SHA-256:DB53D5294D14171524FBEC47EAA9E03EC1B42F6EE11A6E089101C31443767434
                                        SHA-512:415ABBBB8EC34EFB91D8BFDFAE4C6776C5C87B5EB4D9449FD89B8BC2CA83110948B91570D652347698EE8E2341192C637898F925389248B03097F4E49B62864C
                                        Malicious:false
                                        Preview: m{...A.4h_."....c......p...n.L.....d.oS...z.<.\0T.....\............:.d1(...PIu.J.@..9.../':.V].&708_..p#..../lrtwx..vc..<+<y..pW.R...H..o......O{.2.7tM._Bdc.z.K..m..._Ns..3]..Pck+......G....b2.....".H.MY.GKxL.[*.#..XYk....0....YI............k%.+%.8.][....>.8..U!...(..$...C.b.q.e..*........V.54...p....!..|....!&..v..a..b,s.Ln. ..(...x...H...1,].a....i...M..0.u.IE.....P(".0..O..z.URv..8..g.VOd...A{.`w.Y..$...-yQ........f/B).....;....~..T.a}..{P.. ..7..$|..*...-v...u.i.E.rL...j...oO.}............$.j..........]A...ZJ[.....t....[<.3G_.Xw...u..v...f..........e7..T...t:.9\.o%..s.V(Xub.\#...d...F.$.Z.N....x...l%...=PI...~..:.`..D$....q.....p...I..RB...&.~..eU...z....M]M1.xsT.ra..E..a...4e.Pz.e.J}.S-<..6.>./.T5l'[D\.e-..._.........'.A".Ja..&....6.ln..8...'.m......v...F...;.....[...R,r..K...R...k...W$)Bz...........m.Wg}...j...!>.c^....,..Q.."k....o..YyJ.
                                        C:\ProgramData\Microsoft Help\MS.SKYPEFB_BASIC.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):7.744222408894534
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A697EA36116D3752A85B2F3B9FAAB5B5
                                        SHA1:EA701CAD0DFF364AE8A190825D34F1D60B11C7D1
                                        SHA-256:A48C6CBD7934D0894E7DA7E7BB27AF9B4F5E0A05896CA9A3A02A30056E235AE0
                                        SHA-512:AA01866C2194D913BF6B5F017BA0FBCA321419755D4ED6A7E0C4A826C3A6D59E9694F98F0BBD01CD3459969405A3785BE227F19BCC8AD1F345377743A1CDFCDD
                                        Malicious:false
                                        Preview: .Y.9..8.'L.X{...`."/.VKp.t".F.g.B._..W.NH..[.3:..!.k..kH.*7^..k.^..yp5.v_...ri.....<u..j...+..$c.....9^MWhYU..$..8..'Wz..lI...K..hR.."(......%.a.F...D.[S.\cs..Q3.`.*..#.O..q..n....?..:....df..@U~.).A3..K.....!d...u.xt3....10AF....Q....b'..x....Rv.A....b..S.*8.&.1...z..D%a#.+.W..c...9..aN.2...t.+....g...q.1.A....`*.._.u-.Zu...C.(_..;.#...j.WJ>q.W..?5..wF.8..}...OI.;...3U...3.H.._8#c}.......\.6<..O...p..|W}....y(......0......._.(X5.sWT2...5.MC.Zl.k.e.........e.0\8..:.!..^I.7...'.B....?..PO.............$.........Ny..%.*..f30C\.+1...k..K...j..1.....B......:86...c..l...Gu...t..`8.>f.+._..ay....Q.6a.........i..s.|..%......R2..R...E.x..E..)12-6...8...f..&....W.^......^...s..!......7......2...!FZ....4nq.j...]E6%.D\.T'h6:7....@...L9.p-W#}..D.....F...J......#...N....,...0..GAQ...\,=fE..fQ6{..S..H......\....i..j....DV.Q.\..}.R.$. ...0v...Y..}.&g...m.B..M./W.[....97`K...y92$7...Z.h.a9.
                                        C:\ProgramData\Microsoft Help\MS.SKYPEFB_ONLINE.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):938
                                        Entropy (8bit):7.723534470893735
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:602FCB47E883D847247D574007512689
                                        SHA1:4BAD4018815593D1C0AC87E84C4F035496922B6C
                                        SHA-256:20ED69A6BD5B79510EB19710EDF93C2BF1B6AA095C9106FA9DB54E2296BA828D
                                        SHA-512:4E85F4EBF804B7A67318A0F2BD60919A4A847BBE55B2D899A326D79D466A1A4FB60747ADC5BD552F14AC113D7E80AF091AC4C7B70136763ED25DA1F8ED4117AF
                                        Malicious:false
                                        Preview: ....MO.Y.. n{.UE8....Zw.Q.P...nN...C....X.l..Cx./..WR:......>.r..E.....h.o1...}...."..,.{.\..H,.mW...aN..X8.Fo..C....S.....CG.jt.b..^O...7..[......E.....{....D.5..{.1...|W.)..T3v....'!..6Nl<=?+....S...$..V.7Pu..f+.S..{..@..t..0|.........T..-..=Rf..<...[...h.......!|...*fw.*?.<.n.$...G......'._p...,p.9..m..+.U.!3B.y8.om..fS.W0.......0R.......e...r...CXc..B.0~x.......lQ.....[.3.J.8..PR....q.>e....t.....`N..s..i......[af.I.U.R...5E....P..7.).-Y..a.\...x.E....n..R...&..L"........g...............$.........iW_.Bm.......NL|.9..h$..s......]~$f..a..Q..i..2...a....u!.I...>;....-......E.....3.U.z..n.,W....)G`8m.Z.....#.[r.z..:..)...Z..%+K...Q.q..8]~.J....b@..R.:c?..>T..q..a.u..'....3W..3y.@...m....0..$,M....T.n<$>....F.B..... -........D...f.yq*..6..E.<.!^....7...;#8i.y8.u.w .O.\Oz....#.J.;^.uP...8xH...m.2..|....t!`..b*.5+......3..R......%s|S..k.o{..y..:u.U..}pm5..s....5...u..=+....F..7..ZR.22..#
                                        C:\ProgramData\Microsoft Help\MS.SKYPEFB_ONLINEG.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):944
                                        Entropy (8bit):7.746739077643585
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4D89137891837CE19DA8A3CE12936A50
                                        SHA1:44243827974DC5470B1A10CC5F1547726E2D1E31
                                        SHA-256:61395D7976AE8E6604A6F068F31F270D740482848FE82ABDB66496A723D3B501
                                        SHA-512:8FE89BAF606465B9FEAA6EE5FD76B6476D99C38F9F596ECFF4F43F78CA2AC1278F6B2FD47361127F561ADA41D8D3C9475DA24E708EE3E7FA7B512D6C84E22C52
                                        Malicious:false
                                        Preview: ..C.],.....q .s.#.\...5.).'.:..j.7.&g8..'...c......bU""..<"...W.EO.k..J.:.GeG...y..o...,..3.g.P.....o.i.Uy./...N..:$.d.<4(..$..+;.U...Om.g9FyH.*...#.H.s.l..).@......M.4t...eh.;..$.?.:..TWq.7j........YFz.....T.ol.kWh6.....Ol.w...&.zb.-&Y.g[Ba.s.A....f......]D.....j......./..`...z...K(...Xs..3$...9g^.+O&..G......H.N\.Ayh.D."qc|. 5.>.4...U\.3..|........w.z.%.&..#........^..yy...7.o.<`.;9z..o.*...S.....C...H..N.h....p:.R>N|..J0.....n.>.kap.].msw.1.)........O.,\...q....Jyp....U..D..!}.R............$..........G..j..c.9.&vsX&.^.Zohrp...p Y>....?..Gw+Q...`.4.9..+.......@x3. R....r0i.LU......i......C.y.........r.Z....yK.f#.bM..j8.{...5Z."D..6....(.7..j.^.%@2...0...5.H...Mx.....d/......U'....%._1J.....e....a.6.+...;.L...nm.J...c+.&M>.:.K&..qp1....Q.. o.S{.....>...04*.E.o..-+E`..a.Q....|*.2.g8..'o...C.].1ZW....n..E.M|...........).}).q..^..X....d.Od!.3......wDq...n.cc84.*.[...Hx[.H.....3....
                                        C:\ProgramData\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):970
                                        Entropy (8bit):7.780421598110298
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:56E298CFD2D2A3FA3C8FE511FAC6B797
                                        SHA1:8503A137EB6EE0A61692E11C633E7914CA2EFBC2
                                        SHA-256:1BDB1BBE3C2B8BE312A9E39424996FBB749F82473A5B427465E74FBAB6F8FE66
                                        SHA-512:73AAED5DA813D6D3692AA02D076F3CF4FE3730EFCFF43161FB9E92B7335A989E6175BDDFD68DECD2D3131ADDC298DF2BA681BC5EAFA716D783ED4637DAF1FBED
                                        Malicious:false
                                        Preview: .#.).+.fN$..*.$..L.?..|..b....ux.I......=..=LS....;i....f..;.q.11./...Le.$J..V.{..Y.X...5."K]s...{H....\%.V#;D.].p.].?.dO-........Q. .b...&.......Gg.,'.&.*.3.-.......P.....,.jL;wz...AJ...'o0..Z!....v9u...u..V.EWlE.w.c5\........7x..*.l!.A$.....B........`Iv.`..gA..`.....n.....\.d.r;...1..RQ....m.7.X.Q.._p'?....!.[...Jv.... ....j..K..K.Z....?.e7..Zs\.._}....YpR..s@.="..f*.`.$..*....X...7.B'G5....$:..........".'6..\........`}..%-.7.y...v....K.......m.....Wb......W.VtEj...T.~fP.;.V....................$..........|i..@..C.d.F./I..+..(z.6..dr.0T..s.f..<....z..\O.u...A.VY.3.....2m..H.q..../.e=.H....kS.&b...f,.2.c..UC..m..;.c)?..eDW.-.1.X/..T~.!iO.a..!..'N...*8....b...[ow..7....!.....E..`..@.j..Tk1<.c.,.iT.C.].5.|...XL....{.b1(8 .....y.^..D.R.nl...Y....&.'+.f.m?l....FJ.GOQ..[.&..{.=VZ8.5f.P.\.f....,..3..k.h.!(.<.b.4.A7nX.....F]m..l..-...W.....#.{.....B..kXvs....,[....se@k.1(..2.J..l.......bx7{.l...BD...UA&.........."...|....
                                        C:\ProgramData\Microsoft Help\MS.WINWORD.16.1033.hxn
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):896
                                        Entropy (8bit):7.747921784751309
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AF7AD82246256B14459D3FEF378525AA
                                        SHA1:0A76BF5077A2CD0D8A033AA6FEF1FAEEDB9224C7
                                        SHA-256:F80B0BBCD9184F8059B9DD6332D3B05225B0C780CDAA956C45730AA7308F330D
                                        SHA-512:64ED6F94E05332E9C25ACB1E15C3C567599E33653F3F2E58F266674196DB1FB03CC17426A4E687C34DA1168F72FBB52BF58487C7E5902FDC2C316F78610A878D
                                        Malicious:false
                                        Preview: .Ds&...PE.p.V'..x-"......X.....V!.H.F.....$A.qGq2.U@...-.,eb@.....'D[...4..m...]+PL.N.".WV .D?.*6gf.B..u.b.T.).....3....~..[..oE...5.*...F..2@.z..:..@.....V.o.r...P..iJ..~.f..ER..........9...[A..:.`...X..7B.......J'......T..........R..q.F.....U...X...F.g<K....h..C....x....QkG.o..*?.H.5..nGB.4.Q......i..8...tM...i.V5~\m(..3.@#.K..O.}xT#S.L.....h...q.0....#,<..p.Hn......4w....C1l.x'DE.....E..%....Y.d%../...JR3......0i..F..7....2.%]PM-._\.o`.Cl...K....u...:...u !....@.@.%_........f.D............$.j.......P...1vf....&.C...,.~..F.q....[..!....k.{............*....m.....>I........<..)..$.c.+x%<.}o...P.z._...M...d..XB.."...1%..........T7..."T7Y.w...e.!.5%.6...'N....F....w..SO0.+u.V..$..i..v~.z..~. |`yV...3dL.|.......9.J.Ni.e..A.u...3.'|.t.~.K3.B.f...|f^..X.L_7m..M,W.j}x..<.8N...s..?.YQ.@.A.ov.i..E.<Z..W..!-....a.......j..H.8...$....p.o[........
                                        C:\ProgramData\Microsoft Help\nslist.hxl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):6796
                                        Entropy (8bit):7.973722411102492
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E50DA2CF21526375CF39117D417CE52E
                                        SHA1:714CCDC74340B868404924759EF42CED141C3CFF
                                        SHA-256:910D46FBE944A31D5DDF0927B61D16BDA7309CAA6D2E5A813A47DF4B9CF4FAB1
                                        SHA-512:441CAAFC7FB60244E6467209761786330E40589F926F5265182853E782B94D75F9E777B42C416AFCB5BE6A4550C6B6216E672FDED5265C20A5D26EA376C1C364
                                        Malicious:false
                                        Preview: .....E`.Pk..~.........t.#.......L.I.:.~.a..y....!....H...."^...T.....".W0f...?.....\/g.....~>..X..utr..6g.....c....3..L...[^.T......h.c4.6....fsx....O....F....2...v.Nx.".0aU.\.......q.;..(<MK?s.w.....A.Y9.h...J..a.~...DfW.dS.ba....{..eLu...y.n..".......N}D.5..7...m.M..!..&]Tkk=.H..z.....[7c~.......{.t.f.F..l....-g[.q.p.AL..]D X.{.m.uG1TS...a...H.SW./H......i.....-,v.>........NU.g......T.IA ._..Gef^.....'......3X.@..>..M~.....A...a....1......../qG6..*!\b&S#. Hq=r@!...9ev..^............$.v........IQ..b.F*.,._..k...8..`.r..A.5...{.x.V..}f...Sl!..t@......7.K..........92..t....kJ..\4.......qD..i.....f."HF..<....[.?4g.fM8.D.MA.=d@..yw.........P+.q5u......63B......Oy...x..wV...h....I.!..=<...3..N...$l\\..>7.6...E...|3Jb.*..JR..U....,/..mU........k._.l1I....(........./.)dI.=...E.<5>..A"....K$...<s.r.E].'.G...z...7..lc....l.v}`..C3.c>ye.g/....Ff.Iic....B.Y..O........8BB..;...Yp......u3.8...(D@%H.f..z.f~....[.EZ.q....z...L..YT.lK...........
                                        C:\ProgramData\Microsoft Help\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft OneDrive\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft OneDrive\setup\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft OneDrive\setup\refcount.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):559
                                        Entropy (8bit):7.536238873872133
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2BFA26B266F9FEF4B44BCF5448A8BEB2
                                        SHA1:6292E1056849A4F331CBDB6353535C66B9BCD627
                                        SHA-256:56FB3A7ED692BA8DD96E7657EEDEC61BC7721317147FB367AAA3FAF377F483BF
                                        SHA-512:FAD0A86C83C8C89BCBB80DEDD34A638352FC5A74B3789B7921B5B7BF920AE0CD717452D123CE86C081C8777F783348E06C96F8ECDD893109D29F9FF33A5433D9
                                        Malicious:false
                                        Preview: ...j....C.:(.....`......G...URv..c..=*w..,.....=..i'....q.)l.\.,..W.W.r/y.S...7...J.(0KUz).}...x*'..+...X...%.].K..F..G...^|....o/.[.Q.....\.....:v92..a.r4=.t.U.;?l0...C..E...c......j.....":.3..<..>A...._.};i..}.E35B...N.. pf...9..n..w3`+.q..f^=...`..U..:...6.Z'......pu.;Q..`..M.Z.<......ox.}...a...._c..W.o...#Ytup...Y.[..._.rW...l......U=..>.g;........3-.<...F..h.:x.`}.Uc...v.g=a.U.........)...s7..Zn...J.u$..@.......$u....g+...6.=.b.:..K..S.k.$w..N|.l6F.....++fIO2d..#o....E;.#\...>..............$............%V...tW...r......9..
                                        C:\ProgramData\Microsoft\AppV\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\Crypto\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\DRM\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\Device Stage\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\DeviceSync\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\Diagnosis\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\IdentityCRL\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\MF\Active.GRL
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:PGP\011Secret Sub-key -
                                        Category:dropped
                                        Size (bytes):15506
                                        Entropy (8bit):7.989216904940584
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:FCF6A5C23BD66FAB2E9ADEE252674AA7
                                        SHA1:6AD8FAE2F1717A981DBCB90F68D98313C4A19818
                                        SHA-256:8597C2DE587B3B00A8A76F2E9789904568A38A36D247331423FEF8D0B803A51B
                                        SHA-512:7151D315269D14C2F740A4B68E2D42094D68546D04DDE5F528869DAD5C294F8E2882BB12D2E478F67E371DB75FFB2B6C4184339C78EEEBFCBDB777072E37F981
                                        Malicious:false
                                        Preview: .|;`K......LA+uYLJ%.f1.2]go.<h...U...Z.s...`..|.j....d;q....r..(_..1{..4E2k.a.Yt~.[..........^..tOmTJ..q]....t/"..B.w....{.bU..j.....0...[..#.X.T.)5..!.\.F.....)`#...e....u?yy..x..m.....G..{.p...9.p..Z...O..(s.j..OS...........%:.....r..0Z.%O..\>....6......t.q..p.F..+...V..j..D..?.!@.!+q.xb..s`..VV..'..0.B.7..."Wd3Ik..P:8)J.YM./.......q.....a..r.......qJ[...~.YR.T..4..O..K..B!..f/..!.'..P..Js.....|j..`...-.@T-s.h...4^9.7...$.J.)....Bp..q\...g...G..-^B...x.k..a..tY$5.;Q._.].....M.!.fq .............$.|:......pmn.u.R.[....u..(.r.yr.eB'V...c..r..v..$..b.e...d...s...1......H.E.LJ^.....U..lc.J..8...r.q....[....&].?4..14.X.|..L~.e..g..c.I....r.....r-8%....S..6....DoTX....V.....*..wF...b.......L.Z...?.n<.....S...e.6.k.1..$.. ......>CuN!).-z_..a...6.>s..c.t./i...d..t...zn..F...|....T.B..4...$[r.....`...\..D.]....Z|..He..0O.>.........7..p.l.v...v....:.l..Y.50...@Q...z9.J.....eC.....Q..w>..F.....ll".j ......<......?...q...,.f...l_z.......N.!.m+<....
                                        C:\ProgramData\Microsoft\MF\Pending.GRL
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):15506
                                        Entropy (8bit):7.98803754437322
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:034633B08AA80B4669322C35042DC0DB
                                        SHA1:9D5AB045A628B0A18B99EDDDA7B1CBC71307DD96
                                        SHA-256:72D97380848BDDED491CBA2CFC74631D3ABD04BED69BE757045F28D343860037
                                        SHA-512:6CD1460838C35C5289C6A585315EEE11078924FDB053BACB4ADC718AC0C9C2C531403AD5666EF809AC94444844926FB43AABCE4AAA263221AD0561A1873DADD1
                                        Malicious:false
                                        Preview: ..D;..}4....OE..?j.<.C..A.d3.9.....w.iS....I......d.O)..._..$.G....b ..FlrX.E...l...H....X=.P..k.$....,-...&..*.@o....v]...D...9p..!>..PW...B...Q.B.[.G......O.xq..=.@..._..A...>..q+8Q..d#w.lh,<..JK.>.q.R....H&~..S..@p...5S.Ed..41..D.'^.o....!"..d..{._C..^.1!)[.\s"q..&.}....'./....Vc..>..7..FRz.......n..d.p..l#CE......O#;z+......C..Q5...J.....V....;Q..Q+X.T.6.5.t...L3om.2B...b..=...@;..`LP..]..d......lj...._..;.J..2IQ.....x....n0r 4y.:.I..(.r.t..;..p.lt...2...#lBu...T{.......Y.M.<.............$.|:.......2mMC$dg..w.A...G!.............1I/...wA.)I..2[.#).........g.S..Kq..bQN...D.k.s..2.U./..{......~N9VW]?..~...QE.V...s..../&..-..z}..C.i|..r.]...&.~YS.......]#`V........n.I .a.7^\....YJh.h.|....%HQs....+.).X}...... $. L..].0..4....F.H..S.<.0v;......D.#.A....(~.}...M.$...#BC.._..6.i...P.N...x....yD..UjDS..4=.W....o..s./...f..-...V......}sV..F.5:1..f ....n.f..Y3<.c.{.5-.vP.....S.4....i...q.....K.I..............x.k..[.c.#.T......e.~I.m...@&.O+#.
                                        C:\ProgramData\Microsoft\MF\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\MapData\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\NetFramework\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\Network\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5964
                                        Entropy (8bit):7.968476897367807
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:DA18AAC123AD61A5E981FDBEAB3978CD
                                        SHA1:2F0E9FC55B9DE4A17C8E343FE655D09D65943CFA
                                        SHA-256:4ADF94CF8533D0CB4EE342FFE0066223F9A3471F5DBBA257D04DA024F4FF4E8E
                                        SHA-512:1AB272BD4060577106D2C16429CB8DA12B3A28515FE95C9A1EDD02B01FF2A38B3A12F77F3A33263909DA944259A501052E5B8281CEABA85F839CF5A9227A25D7
                                        Malicious:false
                                        Preview: .0....0.u."..^.Y."......sTr?>.MW5.....P.o....I.T..T.K.x..."....H.J80.X.[?._.hML....w..Qs..5....._....%.MC...=...u4<..F....R_...#.......O,....?I.Z.Dp..0.0>....N#...$h...:.\e....un>.1.....{.^.u}...x<..TL.>\......>.....A...+.Ey....0Rd.r:.I......R.DB].f.8..c.;Cpy.(AX.f5....`P...m.U.I;Y..A.....&...Q.S.......q.#...0.RA..*"f..xo.=h.......7I..O...~^.l8,.y#c<.1.}A*v.v......S.>.GH.B.,.Y..G...."5.j.p.kp..0..ll..v/.*....(..q|F.c..n.a,/[Hz.QH..G.....A.....A..4..;.1...C...!..d.l.g.U.mw..6..n.............$.6..............>.6.....i..7...[.GY)m$....y ...o...y9t;.;.^.X.W.Z.>.!...........F<..TO...k......Y.*. ...7u.tj.n......3&....i.]Z~...z...,.rd.YPN.(.e..z..F.P.N..R.*Y.........:..a....;.H...:......'..N..x>..6v,....{...44..$.og.:...v~...H.E-..'.j!.<.j..Wa.kB(.vUe.....iR,....,.....S.>.1.V.p....?...k".o......@.@b.(Mz.9..&.y.....k.2epfw.$0.5...am..}.._~..8).C.l...:....$E..W.9.b....nG..O.}A..v.CC.~ ,d..q[K>.M....bR$..k.O...ZR.J<.>..x....._[..G.S).MH/$b%....
                                        C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):25748
                                        Entropy (8bit):7.992915207239811
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:8FE2EA4D8BEED2306954C2A2D56FEFC6
                                        SHA1:3CC350EA0E55493C5A76B41090AA69B0D413FCA2
                                        SHA-256:2EC44E7333363EE21F0040EB334540FDD2BE09C6B3EF23F0F9FC887E182CC77B
                                        SHA-512:A467FD92CB3DADDD8941A73236038A3207C3AFCF8AF808BDADCD79A90040071C04A9CA098511062795490DFA7C0AC9B454644B3F7E7DEE16032A847D28B4B5B8
                                        Malicious:true
                                        Preview: %T.s....v..$.of.......'.p=.r..WGI..\.f]%r:^%.0.9.v}D..R.....U}y*...6...3$......Z....CV%...N........IK.....;N<|.h.v.-.!.p..>..b.C....I.4O.(..KE..}.n.-t^...._.w.0;.11D%6.Gq.%S.^..?)..7.Re.8.l.o....<1..&...^.<r...'..[a.:O......._4:07. ....E..?Kg......=u.J..=....<......0....W..S('F.g.:.?....s...he..+u..[..Sc.:....U...1v...._.=.X....X........(Kz p..40..p.....J.J...$.(nV......(..TB.8M...1..F......N.....Z..r....p.y0.....O.Q/..+.j.....ZP...<_3..c7{.."^.DOy.J.T..._....\.r.s.@.......S<4..4.k.;............$.~b......}..L^......#[..]>.|.`.Z.pg`p.'y5.Oa...;.s5._.:..4M`.d..C.3/....w.?...7:+..q6....u-.ek.,.......:.....)F...m.3.(g..s..H....Q.]....>=....0........M.u..N.x...-.eg.....G...l~...U%b.b.....VG.O...5d]Vb..I|o$....2.V%.J,no....^..-..7.....x;A......$]........g..`n.%.73.....U-..w|....I7...:./......Y....|I..9.."..|..<...............!+.sM/b9......'d#.V^M..}..*..t!..Lh\}).b.O...`..'...g.)5c.q.>/.....g|e..@F. qj...e.S.Q..x.4|....M[....^j`...3..f+
                                        C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):99806
                                        Entropy (8bit):7.997799848611556
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:567739FB6DEC492CEDE70EB0466421D4
                                        SHA1:F1E65E2514EB54AE3BE8F048E6F5E6F372E73D72
                                        SHA-256:457AFE028BEFDF44BB23242AA54BD015C6360995A3BA22B49E47C2119524CA9D
                                        SHA-512:4F0DDD16A1466B0E21063096DC7777562728A7642FD213092149454EAAFDAC5EBB273F1FAE99842F604C4633075E0191270F805AA061146FCFD72924E1BA7B55
                                        Malicious:true
                                        Preview: i8.9.{.74G.... .........c.4....^..D..(YV..dK...B..yt..7E.e.....D.d....;N[a.!.6.C.....n.B..<...U..\.........nu....2...+..!h....rQ...qI......5...h..y_....+E..n.:ac%.LiR..+...r.......p...H.#b.]...8....h>.n..).%#,........=C.R.@..o..J@...Q..*@.hL!..p.r:3.M.sk....o..h......C.P.;u.,n!.o.].........ul./...s.b...%..PK..EJ..I..J...3.skf..xAt..x%@.t.tn..M.6.......$...W-.U...k.....b.D).).v..E0".].m:&.1...FI.h......sl%~.z.t..g/...S5.i...:.2..M..().^..5.._r.d.."..|.S...MJ...6.@..f.y....*.I;!.....GA............$..........Ld...qk....D.....h8..m...z....2k:..hls..........+.9...S"..M.!%......h...%.r?.CrgO.Q]].f....6......t....A..a?...X....`.7..*3....3n.....!x..M.@Y%./...V.._...........[.is..g.....;'?~D...M..1\.....v:..x<j.e.b.b!o......Y.M....d.I......."f.:.!".'......?.E.K&=...J;.........5.5.#q.....^3.c......Fx .[.ii.dW...k..&.&....p{xA4&4=!.5..].n}`C.nX...?.Q"..x...MC.......J....-.rq.)-3R..|D...&f.....+.R@.C...V6.p.]..6.#........e".5..n...y-..5....@vZ%....m/"....
                                        C:\ProgramData\Microsoft\OFFICE\MySite.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):25748
                                        Entropy (8bit):7.993502965250121
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:8A140B83E2E09D0FFDEB776EF997D152
                                        SHA1:3BF07FF2BEFE1285D3D94A5BA991600D07D565E3
                                        SHA-256:B0F40B38C8E47C93A25775FF01EB9964CA17B76A01826A88839EF40AE4B0BF9B
                                        SHA-512:187F18C080B7AA96E45ABC743E29A8FE6D8CE4210B0662800331B046C330ECDFE7A320DD0C608B5D891286EF8FB105D622BB6B55948E49C77BE93DDF220C13A7
                                        Malicious:true
                                        Preview: k..@i.D.........@.x....-..7..../P.sfA.P.!*.6C ....G....,...4..j.*...^......u.p.7M.p.t..A.j.......=...,..6..6..5..&^.@:.l.W.......4..'o..ZLS<.D...\YF7.r.?.....u.g..:..@..c...E>vu&.DE.`..]....*..7w..k.mo.4..#.....:.K....[p}..fIYT6gKiV..t.6.r.=e..?/..Z...X...8U....i..R...P..v...._...,o...J/.W...V..f$A..YQ...,]D..u..xAG.......6>h.'.84...............kA...G_E.f..`|.....~)..S.f......C4,;?..aq_.-..9.A.b.U.0..~k`...~.i.e.B.M.7H|Td.a..CY..er.,...pI..m....RC.4 .\.O[.i...)HRN.YBI......h[.".\............$.~b......e....?e.a21%...]g.....4...p.M....W.yMp..N......v....b.!...../H.o.g._..k.x.i.W...g.....1.......+.+.....%='.b.gh.n....7.U..#......z@[.....!..`$i,^...1....*j.D,........F}..d.... ..]O.]7.w..Xu...^....K..8.Y'.!W...(.2.G..c..s..1......D...L......o...<.Bd.oF".O..........."...|.(...||...3.L.dB..]~S2.Y..^.Xq...,..X.0.}pp.8e...@.>`..v.}.......R.<.!!.0S...}.]..U......4..R....o..^...Wi....f..K.h!=.I..~5...h.@.8...O.sw3t.....g=...oa..O.|.Z.7..2..
                                        C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):25748
                                        Entropy (8bit):7.9917158418793495
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:786A75AFD2F7DFCA0E66B20F8851C78E
                                        SHA1:1BF729885F11C5DF770017F96A1CADF46379C43B
                                        SHA-256:80E7F0A2DB8630880F67B9B2948FFD618E0D34F8AF2C8B738343915A1745A396
                                        SHA-512:90BF6DC1801510C5C014B5BDCB9C61F3F63D5AE676BFF6F9DD9B99A2296C428E84F6CAAA938FF55DE6D7DBEC75504AB5E763026E4A8ECD51B7B42DFB83723C4C
                                        Malicious:true
                                        Preview: .s...M.53+..,._.q..i.1...@^T.d.'.a...Z...=)Jc..R^..} F..a:U....{.F0....r...~.)w.....+).Q.....Ri..8....gw.l......e........X3'/?W.3u..1.kp.v.0../C....K|..sm...%;.E.%1..?.v.......\$.V..X...........7$.>G..._..%.f\.x..'>P....O..)......H.........'~1.......,...7v.J.X.E..9P`7.....}.&E.lJ.9.5..q..tO...g.*...r=Gb.A..H..#=........o..X....h..?...)> L........~+>.'h..h..c.h...............i...#..`d..jFC....D.1..1dr..k!..........VQ.T.;[$....+...G........:...F...=VbP*..!...)N.d.S.T.Yo.............$.~b.......A.>..-Z.o.;...v..W3.D.d`~c...,...}. ..!....6....E..2r..OM..V^"..L...n.e.."gB..k.~G..|.=kZ,..N3^.{+...j=0.!V...~..?.f.*..\.....T....!8..\\.r"!..T.....Zx.h..vv ...z....E.9>.a..E.!.b..=...C......k.#.+...a...U?.x.....(#/............bh.....M0.$QL.U.v..yj..]\Fj..~....Y.L....NE...k$....L....2...X.&..D....k6.+.....N...9....*.......%<.c*.. o.-..r....p....H.4+..OX:.3z.9....K.5Vd...A.*..K|..{[V4....*.J.+jy..aVHG1U.a........=......<a.!.3...0........-._...$.{.
                                        C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):25748
                                        Entropy (8bit):7.9929176484613365
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:C3A75193397284550CEEF086778B954F
                                        SHA1:BCAB5B61B4403C1240F56CF7F658A16854AF0EFD
                                        SHA-256:E3B691E1B4237EB153FDE8EFB657E2FD6CEA479DEE52AF1E860EE66B956B6B84
                                        SHA-512:F942A05C73FC377E4CA98CA81B6B68509E84CC0D5E1B2F0ECA55CF9745EE20BB715882215583A7D8804AAFB96F54477C333C2FDE6A235927A06BB1855885A525
                                        Malicious:true
                                        Preview: ..........Q-;. ..xL.o`Y.(..%..o..Q-..&.v...z|...7.k.8..DM..GX.....U.NT.>."....R.....p....28gux.s[...."....;.M.q.g..)).aZ:.IJ.;8.N.'.w'.....fP.g......<..rz..X....z..N.......#.=...<MkV..>.o..Wn`......./y.7.$....T/?*.:.....%.....[..g.s.....|.[...3c....fen.I...Y.U.7.`.. .x~..9p.f{....p...n..'..)..b......A...g@.0.$b.[.Zw...cc $\#.......'5.!R.P.OM.....G...#?98..8.._3....{...~9,.z.c.{O.C+....aom.D7.fEf"...nH.....{ai.?3Z../#\..s...To"...S.U..y.d...?........./N..#....;..$.R.:....(_9....k."............$.~b........".3..4...$.w.%A...... ...].,...X......PDs..7.q..9.4..fU....6..W......A.+pcT..\.....b.........".d...K..l..=U..a[...D.Fh..he...G.R....0X]..L...$....>5.q..!70..!.%......U..x@?J....8.. +.....R...S..1....X'........*.H..@s..........RL.D,....X5..gCeV&.>./9.9...~._*....T.N..=9nF~%.H.....Tblj.b.....$....b............g..7V.]....p}.......>1......g..J.'[.!....a..(>.*...;.O....*.-U.gD.]D..I...Y=.1S.NQa*.t..u..9.. .b.G..../..o.u6C"[T..l.(2........{!..g
                                        C:\ProgramData\Microsoft\OFFICE\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):479766
                                        Entropy (8bit):7.999607176692095
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:B51C68B65C278916DA41413ED40F9A8F
                                        SHA1:214005B65A3DAC2035BB45AF6ED6C1D5A33D69DE
                                        SHA-256:B7D493670AC48F995067C44934CD71C15AE41DBF65BA6789FCCD4129A217FC33
                                        SHA-512:16AE516ECF0EB154C9AFFEE69828528D41FFE77A55D367A4501863CDD33308C32864E34BE91ECB7ED6B1B3086B5A4E0BE9671E477BE9CE79D754BC0F27D3A4AB
                                        Malicious:true
                                        Preview: ...&.6c.l.=..@.....M......$.3......qe..#...y..8..T..pcL.MH.]..J}....t.....X.Je...3..v...lOt.:%O.....jWY.j-.k..W.2.8=y>7..%...o.@.2..lw..J..:F......LDL..C3)i: .3...S;,.;.6".@zT...X.i.).....+.Y.H...M...U.*...MCT.oA.....t'./$'.u..[..).n.>..p.ilt:...1..P^...=x...~...>V.Sl..)..oM.g..g....&GENm]...o....}....u(VUo..J....E......$.3`..5c.r..A..f_...0{...|.}i...j..`..0;&p.O2.~~YA.1`!)...j......S....e;.|.&F.i..P..:.se..+*.+..]!....S..Y....r5....+...j..0...3../......9.6.S.?}...sy.....Cx..K.....T)".U..............$..P......=?....!..S..k..L*.H..P6.<...a:<.LY..lBZ.-..k..j.h....lT\.. .`.....o........b.. fnz...Ex.T..l.....T..~.F..8..W.d.h..%$..d..gd.u.xi...-5L.2...l..U..F<..z .'.Z.D..\..@lk..>p......X..wb...vE.UG.......($]..#.Xm\.P2O.._8......|......oz.FWU..m.Q.O..$.}s......xL..L....v.*m...2.........C..ZE.j..sW.s|_.}4.Q..h?#2....[;...~C.s...&..~.......A..^....s..qFt......Hy...@f...sY.I....~.....F.E....._X`l.a....l....E..g9..D9?d&:...,F...,|..\.I...>o|F[-.U.K
                                        C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat.LOG1
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):8726
                                        Entropy (8bit):7.9776094928974866
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B01127D70F7B5AC0FF5DCB0DCF4A2974
                                        SHA1:C9BBA4E462851BC5A4A89FB46C70F17775135CA4
                                        SHA-256:D561826E9D71E36F2F496B32A90EF9149643F335871D4A2A44D37A54A94648F8
                                        SHA-512:7C0522B6DA1E65E63384BC65D07DC78520F39A321BA0F3BE9A686ACFAF8E8B408B698601C083A7A94D16F55105A1EAE81AA98F88BA88DB16833C26CD3E97AEBA
                                        Malicious:false
                                        Preview: C..;...k$...{.W...D@..02.<"u...... . .`9].g...`...I...b...Y..v._...(1!...E.aT.f7.Z.7mky..t..,......&).l...|Y1..O...y.....+.K...3#f.."...+.@~.Wu.....]..b..~.c!.OA..t....y}Bo.......b#-0.9.......A.e.U.Hym@.....Lh....I.kpo..L?>8o9..e...f0.....K.5..t.u..Ub..j.?.a..w.l[gN<_....3..........!.?.'..b.e_O.p.Y.JG.:Qk.......-..s..ob.$/.(HQ.y,fL.....;.vQ.B.&..1{.L...Cv.kd..v.[.......R.&U.*.V.rg..."-#Jq.-j.~...c.>JG.U..f'F.u.v..E.p.L.J..+..{.~...K..yw..6..*../..l..n....Z./.0..6.KU^.@Ym..............$.. .......o..A...V....Ez..z.m._9. ..M....N.....o.%.9Jx..1.H..L..0j.S.K...$4..k.lb.....N.O...F%.I5.xKy...b.r@..w..*.C.{....!a#...Y..k.^...L.E..uf?.....h..%.x......@...q.-.!{`.....'H.xG.._...C......U..,.z.J...t..Du.....i.a.....f,..a.../..(q....^..FEZ;.=....QbU...t..V.g.sh..G....?b....j.+P...z$;.9%..n.2...~..H.m]-....j...?.w.5......7....`.?F)A.8ww.vA.....R..4...X.)..\..e:.'.7/.*..xk..q.... ........3.~k.u....r6..N.`....m..Z...r..p.0..wUHc....K.k.A<..y[.a
                                        C:\ProgramData\Microsoft\Provisioning\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\Search\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\Settings\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\SmsRouter\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\Spectrum\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\Speech_OneCore\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\Storage Health\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\UEV\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):602702
                                        Entropy (8bit):7.999695866155708
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:70B37D0B4F1331E5A34E6E40631F2F5D
                                        SHA1:B64F64D51241310AC356F184FC7D232EE26AABC5
                                        SHA-256:DD7BDF0231603060CBBD582EC93D921AD125B54B1CDA5FC0211E4DE5C2AB0446
                                        SHA-512:D057AC6B59BBC37738FD96150A2435F0C6A3D754D299A1412B7D779E80908E418799E69649A5E62480CEEE8EF55E71923FE516A0161E0FD4F6D30E408F9DC818
                                        Malicious:true
                                        Preview: .e.3.cu..p4...[....-O..It.')2eS...v....{.4YI}.Z.M........A..t....'.@........ 6.qVc....^.P.=....\\^3WX7..<.6.<O..A.T2..."..|..f.Kf...Y.qqV..z..\.D.....CK.._..'.#5e)9@..w....r.8}k...../!n...5.\{w<...Y....h.....f$n.doh4.9x. ...,..vZ-..@.:+...!.r.T.....Zw!.o.HH..[.?.P..+.)t.g..Q..m..Q..(..(.[[........ph...9..3.M.o..!.n@..m.{2v.(&.......5...O...fT.O.]r9.s&.m.?{....Z,.x.QjZ^.{9m5 .-Y..Y*`..c.?.`....j.<.z;.k].........-'.Ca-..2F.N.O.I..bG.{....j.zK#.....=.o....J/6.#4.....h..h.(.0.C........;......Q.b.............$.80......".3....E...[u...U...S..rR.~....ig.}.:...[w.P.8.......l...r.....+S......zG...O=XF.s..Q.:."nt/....KY....y]G..'+..c.w.j....V.2...1cW..N................|....K.m..z..q.|[GW...P....!:.C..J......L./.?<...........N..Q.T.......\.....*.{.W.....q.......7...G'..&.8/..#.....yO.........1c/..n.9...C.j.p.b.'.z...k.0>.~@.r.5L..oB...A&......-...<..2ej..kLm....k....x.J.4.t..q......=.6.S.1.Sr..h..!2;.y:..)...H.........,...4.'..X.......%aB,.5...K.......>C....w
                                        C:\ProgramData\Microsoft\User Account Pictures\guest.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5934
                                        Entropy (8bit):7.969285455407038
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:DF6B8DDF95D4FD31CD4257506249E754
                                        SHA1:31191A9F52969779C3F14F1C9286CE2E7E5952E3
                                        SHA-256:B5EEF71C0DA5B0A49E14775EEAE1E2CF630E3A6D29C6DEE3271EC09FC9E8B541
                                        SHA-512:E42D1C722BBFEAA1D2979F389A6A4195D3C140B31233C31819333052641F7EC378E3DA8992235406D4AF15B4812E31A6A8F6EEBD96253DBB8B2B464963430A3D
                                        Malicious:false
                                        Preview: .f..=PLM.e..... ..J....w^X|.W.7.l.(..:...L.B...7...I...._.[...._....V.y.....,@T.|...7...1..4...z.}.=..N...:bE...>N}.7...Tk...O.2.=3.....t,..7Q.....|.....!.Z.&.'..."..........R.w.3.......%=.1...%$.9.l..|..B...r....?.'.FnYk.Ss.%.4....c.......9.....X........;H...y.s.}.6$b..)..l1.@.D......q.pF..7.}..W\.^.. 0.......#~...B!5....L.._z..@.....o..`.1/.l.P..r6....~z..K,.S:m.. .......]...B...m..z.E.....+Z...C$....I3.L..~y.`...ab.]...y.......Vq.^.1...Z._..{...n.....K...s.m........Ed.$...T..5.?)..............$.........3...l.....F.B"..jB%......}..*...c.......H...$..a.....vv......u....I.)+HP..-..&(Mc...y.......B>.w.Jj~..X.).9.y.3.|.....|.(.A.Vmt.U..x.....=..K.p.M9)...@.@...X./.9........%l.gp. .o"R.?.......16.#...s..VQ...h.:..c.B"B.b..z.....=..d,2I..A...#.s#.>.n.S,a.+=....i...+.f03.. H....A..)......&.....*a.J.....4...2..S.......?(<.f....."."uR<.<g....9..j..G&.f......A<.%..;.......^..a..I.%.gY.=...\.r....jw...>2G..|fj..Zl,..(......I.R+.J.....jM.[..Ij..
                                        C:\ProgramData\Microsoft\User Account Pictures\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\User Account Pictures\user-192.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2941
                                        Entropy (8bit):7.932774819416466
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A61F8DF553353BBAC024E9A458323F9F
                                        SHA1:456F13AE98688426FE8D4396E0C070FBFBCE496A
                                        SHA-256:053FD9C82E5ACB0F51EEDE4C933C2719209B406C5CCB82C2BCF3BD82119CDD9B
                                        SHA-512:2D3971F6083E6E625AA95676A689769A19A9B923678B284D49A4B96685F092972162295FA71376C0771D8664748D743D90C145479CBC0115263076FD2A2AFD56
                                        Malicious:false
                                        Preview: .._..t[p..Z.n...hd.lgP...|.....|....c...W...HF...^QJo...{..+...1.....(..!.......-..}(0C.._.S.|a...^H9.........SE..=>1.T.[V.|.*z....&..0Q..B........V.jW..o.ep.|...Q...2.\u.#..;.'.sE..E...x>.).2..L...m....=v..:...'.M...5/4.\g\O.!T.....o{!...-....\D..o..."..,.>s...Ib...G3.G.``.sx`]...o...G...l.t"...c.D^Q..lG1.|]....lX~.tQ..@...........O......4....!:.@...5Et...u.iA.@9....T`y...........c.o......E....tiV.....p.c.3.I......<.Q:}2.C...V,.jd.Li...BH.......s..p..e.._t.Xk.P!E.....j.. ...............$.g.........x.&*._..;*.c.^^P8..~lf...)+KB"F.. \~....o.....[...}E..../....:......g.....V..^P;...C8E..-?@y.7(.+.={..].Dx..B.Y.X.w...........P$...........(h......T....ro...o.....e~..,.&.Nq....k..;].d.....t..h<.......2%).4pp1.g.f...)..md...f^.ga..K...V........xe..})I...HJ3.~..D....h.w[.....I=..1..y.......-..D.Q....:.%.Iq;.X..z.......=.....%p.^\q.%~]!../le..;.'..._S...Q.../j..p?.4.Wt..j.#..wR...1s........k ..:..pA.~..L.F.?D_..l=.B/.'?...........).....d.
                                        C:\ProgramData\Microsoft\User Account Pictures\user-32.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):949
                                        Entropy (8bit):7.754205940157543
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F206E92CEA8A66D8235E62A2950327FE
                                        SHA1:20493C9F476E85FB2FF89C1A677B9E073229CD22
                                        SHA-256:27FCD45D0145FED98DD163FF795EF5DA73F11329CFE42B4B1D0245F70CAAF5BE
                                        SHA-512:71E3E4897B5AF8B2EF580E8909008E228ECCB137C801C9573D889A09A82940EE0FBBFC9E4194D9AFE3CE0E99B71A044B9F849B1DBEAF7A28C22C2FF40F0F992F
                                        Malicious:false
                                        Preview: ........JD.....%t.....1.F.....oV.#.We.y..!E.vP....4.dT..8.;+...H.....7..e@.7{.....z.......y. ....B.].r..\o...U.....l....].@....)$e..A...0.~.....`....%q_T...Y..b&..b6.%..J..0.{....g.]0t...z(..L.S7@..A6;..........y. .W8..4{Pp...'.F,oL.y.`.B.. .~.......B..4<...j><....g..tq.H"gu.z..rf...|2........q.o.<...pJ%.$...P7.6.]*... .....P.pX..%.:....-...".YS?.yM....B.4wr_z.sH$^..cC..2..DyC....;..p....Q8.hA..f.Q._.-3.. ....c..{....Gn...pa...bXPU.D...].C4..h......N..19e!.!......K.q.~...-..0KP............$.........R...j..R..V'....#.&#.*K..K..'.w....Z[aW.d.#..V......y..._._.oL...V.......2....nMw.....z...Z!..,..lzjK.Tk....=./..Z..t.C.1.|.....W#g..H.qo9.....*..KE.{z..J..P.%...N.=.. .cl.*.A.d..!z...I.7.=2...}.S.:...5..[fa..m...|....O...5:..O.O_..K5...G...<z.U[?.2...D....)..R.Q0D..OF..!.TQ..;V..|.A ..Ehm..e..!.;].4J.#JL.....g(..L.....H![...-.B..;.'.......}A...Apm)....9G.../...j.;\.(j.z.5...l.l....>0..&..QI
                                        C:\ProgramData\Microsoft\User Account Pictures\user-40.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):967
                                        Entropy (8bit):7.775198033530475
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1F0E3EAAD280BEA2B9698EF1CE7B9299
                                        SHA1:638CC034C87488404F3C2772CA675F548CE000BB
                                        SHA-256:8D9117A627E533066E277EC07933FB053D3D5F7915E9BBA6F3C565E38522D492
                                        SHA-512:8712B9D665C843B1AB9D636F5E7D2073743A311C3DE1DCD64F81FB0D092AB9DE8C1C71339B0CE731DF806AD73E43E9748A4ADE66B63C8B6F57A9A74B7839C2C8
                                        Malicious:false
                                        Preview: ]FZN;.k.| .@...*.~..Y.;.2...+..:.N.u.F!..n..4...b.K....9H.%nt......|R./&..@.E...?{...,.Av..P.%..-[.p4.bH.....p..}a;.........fj..m.X..a5.j.6<..I>._......F..iQ.!..f.~.fQ:.=..O.c...GS<!...!$Z..h.8&.M(.%....'. `...x.oC....p.OwoBI..3...5....k.%....x..x;N.#...... ...n|...Z.^?[.j.0.r;...W..T-)./.ch..7y..vN....aT.4...m...N,..>.T.?|.../..\p(........RT.......#.8:....p..'...si.W..D.MA.X.&........j...E..1 .;Sp.B.......y`..4.%U...j...kPb.KI..."...!..@.Yz..4.[e.....#.....Q.7.CA/2.E.'.K!q.>...........c............$..........'...E\*/..4...`.,..f....".`.F..l.p...9......K:.......~..2$....{..........H~.<....C..]..A.%....#.H...z.uW'..Z.4k..[4.>Y...i%Pxw.....d9.......|.z.a.E.>.L.3.S.sai.........h1. ...xv..n.=J.....4|..E...|......;:f.<A.6..y..Q.rA...1F).......\."ITt\.1YK..,.q`..M.<.....~J.V..0.qn......BU..8$Y..dZ....q"....:\75...QQ4...o.K1(..e..+.DO..cY.{`...............a....j....Y.@..-MGG.sj.oXX........h.?.JBA.....8.2.....o.....}.{
                                        C:\ProgramData\Microsoft\User Account Pictures\user-48.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1035
                                        Entropy (8bit):7.75222457830697
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E32B79BA1D5F6B5EA8A731B1C3EF7336
                                        SHA1:5AE8613D573FBF6E7D26207BE23FDD336AC9BFA9
                                        SHA-256:983B6B39DA62CF00C1155EFC339BD862CDB08E09DBF51649B7F94353721068EB
                                        SHA-512:1148B66D8F2ACD0B474AC5E59D9A6052D6FB13760CDF2CB766A4BF32E358AEE756A83AA931BF1F997FF782809C5C1BE1D28EBDA15DD4078B94EF78D6C46B2992
                                        Malicious:false
                                        Preview: p..XS.mknuy..UJ....b..%.`d.....0.......+._|...Mo=RK.Y.Pg3+WCnR<.?..5....)..V|<.{Z].....A....._.+..[A.P"......g.p.. d..QXF+..../..pu.q.<.Tl..K...)7.........V.I....&.......]..l.[4............o..R.tT.z.[.....kh.....Ay.7.M.@g.....M..?......'..P...)O.n.z....H.a].K.G17k6..;z.....e.QQ.....p..3..+U...._...m....@2.Q...N*.N.....kL..&....v....h.O..+f...[.....cA......-~*vO..n}.....l%.!aFo....M?.|..-ZN(.%.......L.y.C..RZo..&........%..$$".bk...A*%.(...R..4T..H%.*..\$s.n.c.C......A..UV2.-s.....'QN.............$.........Y......$u..s.q...u...N.2.@.t........ ..E....c.}0...xD...A.... .I.$..c.....[N{..p....R~..^....S>d.......8.....P..R..$.C...C?..j=..zd.X.)..|...~..^9c......P..oY..)...Z.#IE.b4..1...$[....A2|..kLG..l.....y\...S.k...d..z...X2.9.O.A5'..\.k.n.._....u.+.N...'.U..t...|K.is..3...l..}.....S...S..`.qfi.s.."..D.D...P..Yd.I9..5a^...|..f.~..K.X..P........q!.......<..B.yrD1..6i.]....SU..k.o(.g#...Q...\U..%....ZxX..O8.K.|..R..........Y..+..'.o..7qz..
                                        C:\ProgramData\Microsoft\User Account Pictures\user.bmp
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):602702
                                        Entropy (8bit):7.99969736834526
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:3328A3670AC6E2E4168B8EF3A3E1D430
                                        SHA1:8F941536A05351D371EA9F692FDA1FCD727C2D5C
                                        SHA-256:584CEED47077036B9BDADBBB0C83566BAB0B536F72F7FB3D06EE8E583E28A315
                                        SHA-512:11DB3EE721533B6560A227EEE2E645803D64590D9E14B41CBCCA67A9530E406E8CD3FBC8A87A0C408CD857BDE8E85EC8E19CD5568E931BE27B653BF1D35D0AEA
                                        Malicious:true
                                        Preview: @._..b.T.`...}.m..PN...eB..I....j.T.Vt.b..C../ ....o.|.....>...1....oC;..1x..g....$..s..YP...#IQG.....Ff.......h..w7.M-.....a.eL..OW......2n.+`...`.......e..V....%......g...Z...'`d8..9S.^...2.&2v..6}...r.....a..y~...a..I....E..).1...{....(2.q M>H....H.w}......fR...g..<.4 .....N..P8..rJwm..V...,...&....>sfY.M.?g.Oj".mI1...<@..U......&i6..J.sZ..).W(b.*7....^0....7..(E`;6....&...\]_...>.O...h.J.v0....!.|.y.>..]j]X.F...S....$.$P.h....Y....>#..qm.;h.oS...&}.......~g.g]l<....L.0............$.80........-b=t..[.).._U...". O5.......F(6.....<..&]v..=,f(.|.#..V.eb.gdO.....p....xw&.3i..."k)g......q.A=...6^dX.3.5.:..9.1...@.".f.r.K.=. .9O.*.x4...C_nW.2....y)~M5U.\.=.|.*.{....KJ=.....=.e.....#,2..L...O...?.....6...Q...p..Cv....Fa.Vv....z.H..P...i.R.u.r.V.H..w:MLY.A...._.>..G.@k.....*.7Y6fh8..............RQ...V.K.U.U.Q.vw...z...q..!..f...:.^..t.T...nP.A{,...6..b.s.[d.H.\.ct..{8...P.L7.|.......3.J.ZU.....z.M.ohW. ...>.....P..57./D......7:J*.!8
                                        C:\ProgramData\Microsoft\User Account Pictures\user.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:DOS executable (COM)
                                        Category:dropped
                                        Size (bytes):5934
                                        Entropy (8bit):7.968153072746013
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:84C1C4067B99F3BF92C198C007B7A319
                                        SHA1:570BC3B76217E3CBF9EF7884DA78AB71F0D42BFC
                                        SHA-256:87B1CF085B9EF342A75F0B82C4D394CC74D2C2F91A0B52D3B669F70C6DF0E06B
                                        SHA-512:683CCA10A986BD0B17C10FD090EC84CC28A82D2CC26E478EB7BCD978BB709AB2E7B84078832056072BBBDF79D2DC36D0B67C0CB4032658B2FE5D451DA38BF3B7
                                        Malicious:false
                                        Preview: .>4..........S.-f.B.8........g..m.E....D....|$.n....@......=.<..#.......6p..bo8J...1...../.....Z5O.).v..h..$........7}+..^.........S.|....v".<...y.1)_o.........',/....z..........V.i.....Y&_@C.J......fY8=...b.S.7....U......<...>.%8.._K......u_........o.A.........2.FQ....6.....>.+...../.+/"`N.|...e.{!.Z..@7>.i.Q...%....i.`..q}o.y....^Z....q.#2z....;..x....n...*....Wm.\6...........y..Gg.iU........M"[K|..4....:.S...4....x..G_.g..Zh$l.>.....2.... .!Zf..\...h.,9...k.]..:x>.+...7.............$...............a........i.$...i..|4.&......7.?.$..4..!..ms*.....oK..9......H.b.l..(O%O.....rF..b?B..u.=......T..N.9fe.?)c..H.m../.#a..j.0%.*..^..f..g...$..5kR..y9DR...^.4..[h..]....B.v.....:...&y.u.....U,.N..C.R..k"....f......-.m..*.k&.%k.A.?...o..0pi.O.#.x)..w.e..H}i<Sm..H..G.\.).h...kt.-fW..[.R{._....!.b|:.d.....lf.....@........u*..._K.... ."1p..:.z.c.\..A..7k..x..Sg.3.P....~...vn.E....`.*/.6..{.:.....:...J...E..l.brY.ex....~K..#.T.U.`..T....&T.m....e.x
                                        C:\ProgramData\Microsoft\Vault\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\WDF\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\WinMSIPC\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\WwanSvc\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Microsoft\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Oracle\Java\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Oracle\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\state.rsm
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1370
                                        Entropy (8bit):7.828039659475334
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7149CF048551C8405D44CE2D0EC25790
                                        SHA1:EE0BF6CFB32812DEEBF01A217A79194712EDE9B1
                                        SHA-256:5E4FDEBB639E95F3464906876212AC30B4CF4FBD8AD9018659A4F6E3674ACF13
                                        SHA-512:C33187B4556058413DC2F2246E8FB76BBF6D888EC9B50640B5C927B8562DA4878225969CA14BA7F0B8D74C22AE7F1B4F88F85168C83D937ADA20855A936E083A
                                        Malicious:false
                                        Preview: 2.\.%@...w2.r..&.d?.n.xG..k.}..8.J...~.....7.Y,f.r...?.d.... ....8....a..M...S.....F?.'X...w4.gt.1E....<..s..A.C.s.M..N..,.!i=u.=..R.u.\..qA.|...Pw.....@.Er...f..c...K-2...M...h..vEX....ym.....1(i.c+.Bu.N../x<.6.h...1Bb..2..J1>..H/..C..9.u...Z!>.v.t..yM..........D.^.(.N...3b:.S.'..Jx.=.W..).;MRAG(..u.GE.;...Z.E.=@.......\9...B3...8......'|..(..X.b.F.....s.....+7.}......2....*..l.....G.N.R....i.......:.xy...f]......+-.". &.. HS.G.W.o3.Oh+|h.A.[..._h.4#lX.F..x&..@0.?......[.....>.............$.D...........z.X...I....Ku....w..pJ&/..r...GG.y..C.[....[..v.....Q.......MV.q.._..6.{........wb..+)..+.{...:.).?98.........../...q.._$FS1.W.......5Wv:k.c....vr.....X..9.s.g..sI.j..Zr_.E.D...{....|..e.E...6{M.5.f/,.....v.-(..B..5.g....6.2.9..j.K.bI'=`.t..Q.......S%/.3C....U....Z...E+....I.)....n$.M.[..!...ru.\.B.oe......Z5.....K.|o...F...H...U.....W...Z(_....952.....J..;c?..i.Y).(.G......e.}..B./....-....v....N.^..J..=..;...eY...n.I9.z?...V..p...
                                        C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1358
                                        Entropy (8bit):7.852410618723876
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:16A54FD64EA352A2A8DC6239FCDC1570
                                        SHA1:77E31CB571871E08FDE37B7C58728C610C174D12
                                        SHA-256:ED20541D959AC0DFE4FE9C98A0B9279FD9165CF492909246467FACEA7A0B16BD
                                        SHA-512:F447AE23165814B4BA17AC29FA9B1688349369EF992929F4C8893F38B41D86DDF0467A13EEDFB1C27B356BFD9908C08358480D0A668E545450A802666B2970B9
                                        Malicious:false
                                        Preview: ..oF6l2Qn....d.<.ll.$T....%.l.x2..~..(..8.[....L..KL..e-....k..nln. .W..(.).....B..4......lH.X..4^3.......[.V.6...a,.-......=,c=jr.$..F8.jJ.>.8....>.4..d...(...[>....*.l||@..4Uq.Z.....Sw'.K)v...9....9....S...k.QX...,6T.+.:.."VW..0.KhxoJ......O....p[mV.L:..4rC.........u.d.{{hG\.._..{E....kF~..Q..><..j.........K....?W.....T~..<K..Zx...6.<.;a.W.%....L.zb"..H....]rJ..S7.4..~.H$.;..R.v...7......N.$T.@.2.......N..c...q......i!.L.6p...K*..".An.'...2..1..{...|.3...NV....UdE.Q...e.....d.#]..u1 .............$.8..........b.\..?'.5.Pj..2....../..g.9.X.~t_.*...R..O@....p..jZF)..e........^.v.Q....#g...C$..G.......<...G..Y..h....A..............:.....L...M0;.;..vI.eIB..'W.{`W..Rz.\.vXW.Wm.;_.W..l...!.Q...xn>3N........g'....HK...~c..|...}l|......zrK..>z..'an.G.8.I.2.....2.DP.vUL^....j'.N...a....3...E..A.......l..M......B.@.p......o.3?....}.....;e&m.i..^<8.....M.aub`[..~...Q.Lp..(......h..d*.K.$....f..%uR.;. *o"...d..W.)q.A.....(.......A{T.5.Ru.<n....$O.8..U2.
                                        C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\state.rsm
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1710
                                        Entropy (8bit):7.863033187964193
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1A399EDD6DAD7AA203BD1D05F88FF1F1
                                        SHA1:B9F28495EF05AD05F14147C72122A429CCAC2E07
                                        SHA-256:7ED936E0718AD0FE0E7F5FAB64E45B7BF5255E65FE0315DBA939549CE1D25D35
                                        SHA-512:70457A3D9F63E86901A64579DA66C261A630B74E1445847015CB6659B1A90E454EAE32692FC090863FAA999243E3F10B218BDB3EBC4593FD0A3C0E1578A76FF4
                                        Malicious:false
                                        Preview: ..H.xS.U)..fK%d.=.........-%..c...\....S[...}......R..3.`j..&..:..L@\.F......gd...Pu...U:Z..g}^nlU..U.G..Sa..G.o.._...h....v......E.?....k.R...Z.3...$...k....._...WWG...........+.?y@....S.....j.x...."!..}..i.w]..6mZz..@..O....K.z_L./t....6....0zG"....Er6C..;...6.5`..<F.oH?....!.d.:..|.....N...Y...'Sl&.l..S....nD..M.N3]...y..-p..."..\1...u..."...#....&8....B..s...F..3.r]m..6L.S...w......B4...RT.y...nU.^..../.....n{`H@.K4..t..........,@z9.v.....eW.s.&.i....d]*.\q.........e..5.....K.2.............$...........S.3.i..d.j.h3.BoF..z..g..z.Alx..O83k.@@t.......I../#.[....}......H...q0:......TI..e.`.|).jj.q....C.*j.F.....iv...5l*....q8..x.....i..a.F[....8.vlL.k..Zg\..{..<.h........>P........{.s/......./h..{...<.,I.. ..S...:o...C..m..33..{S.t.(u..-.3.X...Ze.`..t`...P4..f..Z.%.-.eV..pm..._...{.h3 ?...:...1..*.v^.,>x...5....-....zv...$,.T>..........G.....H..=.hG=.Z+.]7....)_.5f./ .N..U..n...L.9...1G.@..;..........2..r..a1..p..c{.......K.4ma..|.E5....smo+.y@
                                        C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1358
                                        Entropy (8bit):7.853634458330099
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5F45B42C3F90A6963B0479C5E6B76894
                                        SHA1:F6D8F27DD3A6C66E31A0A1E189B3F73B98DE3ACE
                                        SHA-256:FE3F05A79B9B738CC30E01B0E89A7938E118420175D9899FC7EE920493D79539
                                        SHA-512:D0A1D3B023C5BE9EE2E714EA5A4D1FF4195FEE3C237738BD3C8B6A71B53A20FB3D9B2419B6093EB770AC79D81A7073BFBA7D156D52EEE710F8C4B2A38E78BEF3
                                        Malicious:false
                                        Preview: VL.....{.-..-.P...0...|.8h.k3..@..kc#.......&.)a....y~h.ww*..wb........0.-d.].[<{.\(.^.C..>.$tz...b6..".r.Z...r;6I..W]..M.9..#....a?|.'.3.u.5...Y.........!J..1c.V.o[.........M..'...5..X.~.....-[Q.gbK.,3.....J}.q...H............*A...........<..r..n..::H.[..N...}....aB.#~.......A.A}..~.(.:.\..ki%S ..W.@g.~4.........of.M...+...P.&...M.8.% ..5.^..+. ..._Z.(!~.b1...w..#..c@.....a_.Z..v.V1o..?.'..`...[.z.*-.)no.|.a.go.K.cF...0.v.w{t...$zT."Gt.o... ..{G.....~...dE.w...k....n..l..X.(.+y..).p.c..!.4'............$.8.........].Q.i.D.p.....]..9'...jHkX.....t.t...K+.........4Q..qM.%.S..0P.......\1...\e..jm.Y.0-......_.j^0.>.54.x.$..7...^._.o. .:...`.T..s.].YP>E.x+..9.a0....Jf..{e..J....8C.&/...h.h..lzpC..C*.....W...OJ..L...ku..:..&)).M. ..].m~!.*D.J...!1K@..h....?$_..".....`yC..Y(U.??.....*Iul.VZCN.^...H............W~6...-...;*..yL...@....+?..JYF....B...\Sk.Z.>.m.S\.'.e.k.{.t}<#...*...M..0.E92.H..|a....W..+.8,.Z..R....3....M..|........)M.9W.....Y....4_..xr
                                        C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\state.rsm
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1710
                                        Entropy (8bit):7.8627324704615384
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5390BEA44E7BA2049678D7377B6E116B
                                        SHA1:0C53E49C19C087AD414C6680167207EE631C2780
                                        SHA-256:9556245E6EFD8828E3A5A35718DC43686AE1D848BF63B51728B57C4F745111C0
                                        SHA-512:AA5F4461ADF2E8CB9AD9EA62AF7E377E8BCA2EB8DAA6575DDD114D6C71359801644447C4C3DF3DD373BE2F14671CEF0EA3500AD1EF3DFE9E476537F15D76AC5A
                                        Malicious:false
                                        Preview: .qC.....`.G..=@-...iR.....?L...99rEJ..\.(.w.J}..5a..Tb...h7G...Y..s8.&b..U..8.* ...}...-.x1...C.......,..X..K.t.B*.7C9Z:-3...Hu.=.1..j0).{...A.....$<C.&.....S.^..3.....B0......5.x.EO..6..M ...j.t.\%.\z.h&....-D$vUN.U.t..f..q..N9...R..[.#.D.w.t?...}|j...,....M.J.n~.....e<......Q>..~Q..nk.SSU../3,l..#..M.V....YO......K.A.H..[7...h.....-..0..g.f.0.m...0Qp\G....X3...f.HI.k...C...?..L..(......k...g.....8#K,....R..~i.....9.C.j.[........2.j=.?.I.,..._..@p..@.+.$....F.....,e...,v...c....k..............$.........u#.8...,....$.u.......a1|............F......5...}P..2.pKI......P......p.tcc.a...1.:/....?HSV.73a...O..j..C%... .8.2.HI..n.;,.\...',...\'>.....c.&....4...w... ..1..n]...LG.d.A....!.;.z....f&..}D.tC.O..$......CcQ.O.u.O.._F....]........I.$.a......4..by.[.'.....T.....d.cB/UR...q.K.s..$...C(g..A.[...+..-..m.@.....W.)..}9}..79h..x.V....TX..T......#.<..d.SV`!....=..1.._.."..jn...d.....,..`. .X...].....y.Pw...#....o.]Ip._.|S.......c...i..b.y.b.oZ7z..\
                                        C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\state.rsm
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1370
                                        Entropy (8bit):7.823870780085377
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8BB0D0AEE604B5FE2A7EB285ECF64CB7
                                        SHA1:B8A0870915D6D2322DF913017FA3DD0DE07BA41F
                                        SHA-256:E658D94C876A159B5C0DD80FCBC93FD05B5D9F83B4168D77371952CC506932EF
                                        SHA-512:133CA02198F2A9B85A0C2812DEA2DC70935D24232949B6DB9FCD20A4C12A1BF6E668358FE79AFDAF157EFE1C6F357A84ED1200C745DE343C146C0785D98F5995
                                        Malicious:false
                                        Preview: 7....W.Sv.,....ta..S....c.T...N5 R.a..k.&#W..dW.*l.UKR.......B#.......N.F. ..A.6.~r"...>.NZWj........O.\X...8...Q@I....-...h+...\.s&#......M],.3.K&..#..s_.=.._A.Q..u7Xj.....jx...T.i..p......S......I......0..?,...q.Za.S.l.3VQ.u..x.Q9.....V.&.s.9....D...U3.W.8V)*>....a}<cW.P..~a.>..Y.t..9.4....l.u.u.Y4...n.P.#^.B[4g=I*..~...[-....PP.*...9..NQ.....At.O&...;@....t.!.k...NL...d.cK.X.P..o.|vU...i.._....j.....C.i4 ...(W.#M:..y...s..d...Q@.,.f5<.T=.0J../.\..|L..>.J..."S.h..`_cXX.....G%....v.............$.D.......+..;...cQ{`.9......~..3....Z.a..'..J...'c..G(..1U^..a..D.G......~.Q[h?..~;..#Z..T.$v..J.....4.pW.+..mQ.X....f...}..EXL..|.%8....2...L-.:..U>S..@S.............-.l.."..........zlj|.a.......!q.-.../. ._....p/.....L..."\...{.<MUhH\.J...h.'..)........0`=K........!.vjk^..|.....0.&a.|.x..;.`......).P.8H..y...;.%T......t<(=.E;nu5S5..I.<.+6?..fG.#.....|...........O.r{.s..:.BM.Vh....)r.6.*..d.,.7.I.1.g..8..D.2\J...`..Am....3~.*..]....O.f.ss.A..G/.
                                        C:\ProgramData\SoftwareDistribution\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\USOPrivate\UpdateStore\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\USOPrivate\UpdateStore\updatestore4df22196-a1f2-426c-aa27-062a9f86aba6.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3147
                                        Entropy (8bit):7.938740246112565
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:35CFF6087926BAFD5022A915843ED629
                                        SHA1:7E8651380319EE73B2F2373A4982447DC7B6748E
                                        SHA-256:3CC686A1A3E18E3517F381C6825C67F110DD39EFE911F30082127D6D0C5B879A
                                        SHA-512:14F936FEB1EBADE586815CB7CAAC93C83A1B0E6C566A5BF81CC0AD47751A8961E9230BDAFC7C9D917B2AA950F26CEB8A325CE017282EEBFB2D5EA9FF9838E3F5
                                        Malicious:false
                                        Preview: ..2.....Q.A5.8v...=gax..:..\p..ye.y.T._oh...\F#<..b.$....c.....e.5.Q....m...r4K.[..k.i...i..g......".W(....h.Io...U,.j...6.x.E......w..P.G&.!f..S......vo.^.s.B...i...1D.lk~`...8...cfAd.p..#K)... ..1tl....|..T...z.b.\.L...C~.\e.& P.....3..u...3.iiO.AU.L.&...e...0...K...6.TR.".#.'.....n.(......B..!%..%......a.Fl..`..[Fi ..-...<.&.1.J..b..M......a.h....J..|...L..v)......z.T...13.46..*..... ......7Q........p.....,........P...U.4..........L3Q.....:......*...["S..j-..&N.|s9).._....kz.'$.>..h..............$.5.......6./.lx.Y.B.G...F....V.Ov....-h...6J.0..T...c......q.1.Jr..j.]..*.k]...:'=2..W....{.M...*.|.;wV...j1.n..{).>..s............^....s..:XU.t=2.ll~.. ..&.N$...0y.6`%.B.F,5*...'&..x.bi.G....3lu..D.3.w.J6/...\.-2.Jpo..N"e5.cG~.G.'...PJhU...;.|...s.wk...>.+.:hh....'.v.8.L.."7..i..^.3....65.~...s?.......~Vx.'.[_!#{V...S.M.N@..Z.. ..<....0.....3.K.@*..~..R..x.F .%....G.w..lt..-...q.E..Jg.(........X..g.T..!8,.......iu....[y...tdIKp.......Q.7z..g.tw..!.QIP
                                        C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3381
                                        Entropy (8bit):7.939998900800466
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:15730966AF77F6FDCDE0369C30D88C56
                                        SHA1:EA3A27D112FA0A9F090BB9DF8D12E29AAACB8A95
                                        SHA-256:FA383350B06DA245F74FAC83CDC22E563D372BA58CA2919DBE628FA7D28D83D2
                                        SHA-512:ACEA5F197094B0ACB861A971E6911A32B2400FCF357B6AC4DFBBC4C83C8DE8C26289E033F07996CD1B3DFA9C44D892E98493D59DD38E77D8F931568E49D4D056
                                        Malicious:false
                                        Preview: ..c.E=f.N.......p..fOk.yZ..?.T.!..% J.6.:.}...+.F%Z.*./.A.W*.../je....^.v...o.D...D...`.!^..].m..L4....LG..t.zq...:.A%)....f.M.......A..;.X..3...vk..../5.D.0(..z.7......X..Z...)..#,......Z.~H..<.|......+........b...3 .....t5.8.`O.....;........8.....pu.K^...`U...6#..w.L..%..9....^[.O .^K......z..c.:..=..<.D'._*.N...$?....0KQ.f(.R#..._..=...f...jW.|..|.V....l.+.Q.k(...D7.../...j..>..>..`.......I:.|...X.....n..f.....Fs.!.;.oeN.[.`..vL.n....^WY.+7.qz&...L9.1Z..%.O.e.Y..A.$x..../.' .]T...............$.........F..%..<.....wb......E..k1{......:y..m.^"3.J....Z.2.D.I2...G...v...~.]`.......tw.21...A+......D.C.UY^7...W..H..:u/..A..5....>8.6..... ..u._...4...Z.{.+..q;..-z..7.....#.Na.....D.......}..GK.i.c.....y.../.uyo.......'.h......&pG...<.B.......Oie.I.+..#.+...r hU...3..y._.b*Z...........x...J...?...:..... .!.,.W.L...}i..E...6.i...|Z. jd.[)#{Z.:......8........1G%..s........$.....w..."..:/p...&.".....z..d.UN.1../.$..l....F.\.;x.......W....Q..e.J1
                                        C:\ProgramData\USOPrivate\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):8726
                                        Entropy (8bit):7.978193281651526
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:423B8727EA449FFE9E4AC4D4BD0CFA59
                                        SHA1:D64F3BEE290109396413F7674DC2630623D69FDD
                                        SHA-256:21AAEC545D00D9CDC395EFBCBC5E1152E1D1B60677A3663AE3C9E084AEC6F969
                                        SHA-512:A772ECD89CA8F5B8FA08524A927D229685CB91079B7B788A892AA4B4EEA6E1DE4303895FD5503ACE020F6659152DC349C3957FC764692E841566B3CEC16E2BC4
                                        Malicious:false
                                        Preview: .....9hl.w..YP..9,%.$\...)!Q.n.x..67'q\.$._.zW...K.>.i..o]PF........dv..8.-.*L.,.."..-.=X.......&.....H$.Dk.h$....8.C{T.;@.F...P.....y.l+z..b.*P....t......4./.u...M...|y.t...S..{B..-..8.S..j#.@.t.7lE.N.....A...%....{T..+/VLJD.O..w....!._;..qF.q..fn..i....0@V...F_.g0.N...b`.u8l..{?+.....?...i..f.VT.Q..r..@v.+&.........*h..9.....6......R.F....yl6.....vl....GH..U....op.>.d9....4.1...h..}....T.....E.k.A^.3..f=ul. .'s s.B .l.....'.I..5NX.zro.T....k..&.a......./\.{...x.c}.(...bgn...9..+............$.. ......./k.;.......>.....";|..i.....+.C..Z$..ud.g..>....n-..jb.EEt..xJ.]....B.4....^.G....%......;.P{.I.;3_...h.!..K..W_..T.7x.12.z.2.c~lk..4..q..x_.qs.)6..*......Z.F.....y.z7u..AH......$N.+Fl....TJ-.....-.l..(BaO.\_...6...I....H.3N^........6....y........\2...^...{q;....o.....d....n..8....o............/D......RP..".3.2.S....M..!.f/+..._i.....O...:.i../.. ..W.B.C-w.......3)......Z......>4..j".}{7f..4.......L..q............<.....3.xxF..u.{G'/0...u./.
                                        C:\ProgramData\USOShared\Logs\NotifyIcon.002.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):8726
                                        Entropy (8bit):7.976782002912196
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E3150990801E70738CFCF56E38491B31
                                        SHA1:C22D262157302A877B594DCEACB1A02972F20C55
                                        SHA-256:2E517A5959AFA8A3B9CFA9A63D12B6A9688A0C4D244EF81687DF74E3328AE832
                                        SHA-512:FA0FBA93EB08C180B3FCBBBCBBA45B442120CA25A3C516C6EA3FA34BB44A37C1A69EC2D132323E17C01EB7AEE6ACEBA308411774BF637A81B92ED3F60E38B9A5
                                        Malicious:false
                                        Preview: S..."N..D.Y.i....Y!..[F.......{.XK[9.&x,...l||.x%.Q..M.....0.|.$...Ly...{..<..:.G=.N..F..U..w.b.......~H.n.B..^A....;..'r.!..q..d%w.M'H...l...3^... ..?.O!..G.0.Z.*.T..A.Q!.?...TY....h@.....e.\.....c..c..f7....9...t./.?[2@..B....G.K.. .\..p.....%.6B.........O<8t..//..nA .ugP;...........b...hl...l...z..X!L.j....;9.........1s...:.....*.j.....D.Tni..$.0N.......SQ+.../.ZgYK&.....I..*&..-\.f*.S+b.-.N.7|..U....B......-...UM|..4D..+YEk.Cq......3...rO......;.L.b}.y.7..1........B.tw...f.c...V..T............$.. ......e..P..m...gJ.B$......Lv..........J..tT.......s.d #.l.v(a..{.O......Z...A..c...RB...\.......%.Fs-.&.|....M..7....y...O..`.'........4.......fu#$..U....v.S..j.aY.y..HH.. !G.E..i.._...DN....p...{.gWj......]Q.......{..o.....k..?zR.IQ.Z.g%.....i%.b....IF.n&..Efa)..X.;g....d...1......S..D]6..4LM.Y....Q,b.L..iG4m..M.M\X...s...L....&;.M9.`...%...j5.pCz../G).+.,.3p.&.*...[..m..RO..[h.*k.G:.x.u/...P'...l6g........co.1}fs....&.N......[e.TY.....
                                        C:\ProgramData\USOShared\Logs\NotifyIcon_Temp.1.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):8726
                                        Entropy (8bit):7.977800909142633
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AB16EC4EBD897455E5F5A12973B68EB7
                                        SHA1:88648F0B5BBC4DA8E30FD032BC0BE87D70158C8F
                                        SHA-256:C9068EF7B7629FB9B3B9D447F882DF8AF11D90C5B3A351BB1C39A5D3CC5049B0
                                        SHA-512:9EF307EBFA04551842315E4D1B0ECD81426271B704CB51C45FD175E710A7CD3FE5EC5590DB9E97E5DC2CF3310E3FA66FD018FFAAE5C27F45FDC2472FEE7B68C9
                                        Malicious:false
                                        Preview: 8...a.a.s.3..c.^_2.?.*!#..,XSA.$.'6...0...]...,O.d....4..! ...|.n(.....a@....h.....4'.t&8#^.$..:.0.$...,.o.L......[..%..\m....7Q...6*s_..-~.&..o4+.......&.)d;.|..N.......R..x..|Ly.O..../`1h*w,1.......t..... ..L.hq.[I..).?..{.+.)x..A.#.."|I.>.B.....vc.Qu.v.NI...n.\...Kda.~?i..7...AJ{..H.T.."..1..&.R..!_.3..H.*....:]....@^...y8.r1...o..W=...H.".O...h...5....K.._7./..-.JM..>.6{........2.!.E(.j... ...v._.I@.j5}=......)&/.L6.._....4.me.%....M.bi.H.R.B.`P.Q....^.~D.{....W~..D.t.A..............$.. ......4R..I.a.6&>.G.(..;......*Z....H.V..(...5E.B.....mW.[......t.tK.FE..=*.+:6..1....v...1..D..-....}.S....*......[.....-I..N8.u.I.C.9uMV....A.D....W.=.XiP.`.#jk.....-.....$.....X...J.9.T;\HL.q.1..j6.]@..5...a.J.....L.0N.}......9k..\...p.q....4...."..8...........-.........nh^...B..+a.h/...@....,....-.c.V68..U_2..].1!m..aV..14..v<...........9L:%.........~..{..2@..5L>..$&A.....(....k.EJ:..v.y.d.b.S...)..e...^.!H.........:..B.m,.-......p...^.k".T..z&K.
                                        C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.001.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):21014
                                        Entropy (8bit):7.992282678890311
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:8D6A2A457BA70B838947755963DF1C73
                                        SHA1:D5E9F8A9811571BE2DBD9B436E958D419FCEC14D
                                        SHA-256:AF9CA2D71C4D9E6FC335036A613B4285C95E4DA1F0ACEB056E5DA910A1B3D6E2
                                        SHA-512:6035076AC1083348F49515E6EDB8A151E7C9850C4C0E04850ADDCC95CD2D08DE58A72F00E6A121F3FC6AD4925B5A1DB5A80457B0FFCA74E8C798B45220A6369E
                                        Malicious:true
                                        Preview: .?..GY.+.."..}.....l..s..}k.u.}..z....8........rV.~.X.>..I....KB.e.:..Qp...l.`...t[.9.d.T+.Y....x..ty..#..4....L)O..Ld.1S~........=.......^...|v...\...@.E.\K.....l.W.^....T..W.=V.9"..=: ...X .}....^.'....3;..0|.V...g.c...:...P.../......1@.`.........(]J..D.>.Ip..r..~........H.|.c.0....j.g....~@&...j*.F3J.6....>.u...UO84.."r..^_.*i$c....v.{&.....03...J....[..6..`.f.=p ..B.....~.l..@.9.M.Y.6...?. =.....34>.......\..!`...D...\z.X....h...b.y84-.)l0.....Z.LW....^..K..........!C...Z.................$..P......:.. .UZ+.......9..)...b..eNl^..]...`e3.6....-...f...c..Y.O...4.(....%..%.'......5....oV..B.b.....H.o.E.G..hk.....Ik...Nj...e.@.p.(|n..GlP.".Y..x.1....$.Dr.8X.y...@...I........)t....9.%..p.t[.7[...{6..*m..@.7$wT..h.T^........1.c..!..P.Y.........%..#.C...Om:.....)..*.*v........ uYrP.s...pk.|_..a.sr.,.C.....PQ...01w.Wd.@h?....O ....|,..XFF.c.u^.1.5...+M..F..n+....a*R.b`.F.....z.:....+T5F.....c..do.yB..EG.k.o.G.8yqwC@...5....h.@..[.W....Z.f....
                                        C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):8726
                                        Entropy (8bit):7.976905678176394
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A6B061CDEAC5EF8CB3E44BA784C33C71
                                        SHA1:F7FDE4F8B0A0F0508D60F0808AB8593F4632FE5D
                                        SHA-256:5F945B8966BD84702B2E1E971ED8C338604D81E94C7570E16F70AB7C7547DB3D
                                        SHA-512:F704BDBEFE4E923E5D5708E20E98D3C5B7EF8ABF7AE21F74BBFF32E31C97CD0C9803CBF98A68D4F7E36EB3E47B92F700E6C74C304FCC5C4922D88928ECD1F698
                                        Malicious:false
                                        Preview: .zO,@..!E..........b....t.@.qDb..V#4}..Rq].BGq.\3.k{{.......T1Y..N....../...sp...'..V.fKx.F.E.).M.'.."....Pb.9s(.i..6.WMp.\..(.Sz.4s.`...Q+. d.|....a~. R.>..E.......!.....z..C....{...l..ZJG..@...b...Ew.Hq.....(.85..+..'n...!..'...E...2....Nw3;#f.h.D..h..v....i...t..)SO.x.?v....5.,.c!^]...U.U."...l.......S.a...)...MM.........u..=;.b.:.!U..r.........#,V..8.......^".O.b/..^........`@../.8wG\...m.e.~..e,..X....`.3...ID/V.,....|.~....jm................Hd.......D.h...!.^LWsq..@E._d&^./...$Y............$.. ......f....E..Ma.|k2.c/......z.a.+....\..Fk...../..@....._G...K.X........?.'ov.L.}....../...+.>9.JLz..jS.ga..~&W.7.|..J...p.V...d..N,q^.ii.....~......H.+q.6..d.E0....Q..ot...r...pz.N(".s..'.........y...@,..8.....3.|..X..bu..-....6....tYp..........K.3.;........OnR..W.g..u..z..:P..~..@-.x...-'..P..|Q.C.N. .)...7..>7.!`.!x9iZ{...&N9....}..D..%1...]@.%.j...67Q...R2..d....6fD.E.??....45u),.<:.N.k..7..+7...i.$x.:....w...^w...S.IZ&..sf.I.||+.c....2..
                                        C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4630
                                        Entropy (8bit):7.955090946404867
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E4D6138B7A87B91FBD4139F831679387
                                        SHA1:81D62162BEBCCF1D090DBBF64FD2340C38F9C08B
                                        SHA-256:3CFF1D2C7ECCE7E73080A9B1BFA9EFE804D6E7DA3929E7FE1B2633DDD1C0B89F
                                        SHA-512:E3DD8C3019E33261E59608C52147CDE6BC8B60777CCD56C7902E04CC70395F44F7797252169299A4D34252AE080CBDA48037FF43B4F245E0D65F493254616203
                                        Malicious:false
                                        Preview: =.R.RI.(....f1....}.........C.v..P2.Q...Mm6...oWq....#...}.,.e.}.4GN....!..'.S...,R........ ... ."....^...t.B.......&f5..k.Mx.M,.i.x..a`@... ....S..{A..2....r..9!...&4A...E..^3Z.....b.q[..|w.)..q.L.."&N.....h..C..Dk.@..U..x...z.......-!......D......C...{...X&.a.Ct...D.i.M...Y..!j/?.....H..]...V.V...(.o.s.dE...}..iO/.R+s../F.'.:...+.L..91}.4+3..?..A.Ts..&..@.oQG%.k.u..u.o......n..........L....#..y.!l.XV..h..{lj.}......F..........$;f.{.U..n..k...1......J\P...X.V.+..y.....F`?C............$.........Z.n.....2#.8..#.Yi.^).?NS.G*)-.z.k%.,c&J......'..-...lT...~.\}y.h.....].....J.fS.".S^._...../....(...[..u.!..~[.{...gOc.p..71n...nVQw..G.Y..u.Lu..JFTzo..9...y...R@(......"m.S.k.$..7".........q.....4.(...{Co.C...c....7)7..'8?.~5[.~..g[K)..._..Mw.6K[.n".f.\h.J.V.-D.....>'..R....}!.k.#hv{..0.D.%..t.....n......./.F....b./>.y...w...J.v0....p.eAx *..j....3..=...Fc7.2.sU8.........T.4.{.u.`..@I.3...'u.OB.......1$.{...7$H.T.F}.=0..;q.tP.....O..Y"iM..e
                                        C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4630
                                        Entropy (8bit):7.955996109341663
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D60419606196C66F4770478416696B59
                                        SHA1:B76D11D3C776D9BAF06CDE8100EF8EE173FD66E4
                                        SHA-256:8AACBCEE8D501353D4316828FD6A874F6B9305C5D31DF1361675EBA383DE8E79
                                        SHA-512:6ED51A44D3CB871529AA26914316A06847BCC74B87C3367D56A00DDFAE4731C1743E24ED45958FC411019143A93E6AA7645E03C8178F1808259473E96F1916BE
                                        Malicious:false
                                        Preview: ......u..s^...[O-..=....%LX.:p. .....t. ..3-[n....#W..<c...KX....n..6.u...2U0.e.C...|n..x...w..`8/LR.........J..%....q.7+.l.0L...{..>.I.........}.. k......K..S..>p...&....S(..B`..Yi.4..CH.....{.X....}.l8.h.........n4.1... .0..Y..........Q.+%.,..b.....o./<5..Y+....2:...i'70..........Y$.#.B.^.z.0.}^_,.*S....Y.C.^xeN..A..*'W.%.^bY.dh.[n8..l.[.t$V.....)..\./.\p1..#...v...B....tLvA.......0#.C..q~..C.t.c.e.Hq.US64._.D..G.K.(b..5.].;.......4.........S.,/...s.5....$..(yX@t.bt...t..Ghm............$..........j!:.....~..IY.t.l.L..*.I..s=.......c.....^......-(jQ.....AF....%..Q..0'..x........#..-..X.i....o...x..0..d.>H....H.D)...j.=..,.<..R>....1.U..*O.. ..].;G.....a. .~PRf........J..D.K...F^>.F....g........eG....tD...G|P%s...,.y.n%.s...X....D...+..rFTZ.B..........#....Z.{....vt..J5.......0..W..G..kQ[........s....O..F........ ...|........r.........J..}.sH$.%.i..<].-A.L.;O..k.e.".PV^.....I......^.7.P....]..!]!.%kc%..l.iq...O...qZ....<.1.z.
                                        C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):21014
                                        Entropy (8bit):7.990551137640008
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:EB44187B65BDBE119B1C2D9EFE403ADA
                                        SHA1:BEE2E285322A844B52F30C26A738E535294B1F88
                                        SHA-256:C88D585A77C1011346824956A7DDF171043AD1869623E51523E3C511D3E75B64
                                        SHA-512:4EEB98A5AB9A3DF967F829265D30DF5F8566295396B7C1594CE29BDB5EC9229A3BF2998093FDBD48B60AFDC2E546CAFFAA397EA9C86265918FD8FE06A773C99F
                                        Malicious:true
                                        Preview: &.........JJ..IE:C2ym.`...N.33E.Vgl..b.z/.b........`..W@.z..(......a....h.kO;..h...nc2.n*...%r.|n.v...L..p.m.j......Ur..)..c.......R...g.N;..'&....Q.uS..X.....+h.0N.K.....c..X~`..x..'..W....3........B...U.u...l.$.....,...X..z.......!...V_.....4%Egh...z...TC\.:...c..A....o..l..e.F...n..K.H. ./....8...?.6.q.U32.2...m.h...V$......9.,..3.a."E.a!.S...-.lQ$?w...@..&...$.......Ggm.^.!R.....l......+v..(.\4..W...9!m..._..Z....f...,]....d..*)..w./.].f.ON.n..S.h..p8...EW.....l9I.FWar.^.X..c............$..P......D.l.'.J..4E..e..02.1id...V.3...G.....}a.W%.]..U...h3......T.e.....K.^....x.'MK...).$L.D.m.}pjpA._Nu#.........'..{.QB...[...4...V..d8....b.Q .q..+Bq}...W.~..L..$$....s.|.=......j4[gFN.._!...m7"..L78D./_Vbv.#<.-.....z..jy..Ku=..FG......L.e.+...:`.g{(.......y...U.X)....6..m.....). 1=".......Vc...?..e+........6.......[..ea..$...%=..j.c.aqKL.....q.[.(..(.7vn..{.....q...),.<.........Z@.3..'...:...bXN.?.+..D..R62.U?..%..#.'..S.+.H.......*....q..@.L.
                                        C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4630
                                        Entropy (8bit):7.955221864115997
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0DC094F61B5188B7BCD9F4A528E80A4E
                                        SHA1:A792A58559C3AEF18C0F33D7CBADB93632745444
                                        SHA-256:1752D714696DBD3A52A89C532E37BCE0DEBA80F9453EA3ABB51FFFD63F8AE34C
                                        SHA-512:E6A0ACEAB704CDFAC3C1037580AEBEA65DC6A75FD2D1FE3160264AA0E6B1704AFB31616CA294ED318C034AEA325F1922019E0553B3C556662B7345D304023358
                                        Malicious:false
                                        Preview: .eu...j!8g...Ud.t....EH......wIM.a.#-.D...U:(rj...7......q.W.....d...WM.q.r.4..f..B../..?.k.j..Uw-?... c...c+a.m...U.......5T.....f...>. ..fw>,T...hZ...r.i.e.q.9.i.7...V3.F9.-sV....,4...N...l.23.0x......+]$qg.F.F...P"W.H.].<QOO,n..&.q6..l...T............V.....5.......e.x.E8..!.>W_r.4.F..VL.T.7.O.{.j....*.+c+u..cu0..W....j..c.}.t.Xi..WBx.8m..d..Ch..p.MEU...dQ..vU....j.........]I.6..z.D._@.....YT..9d.k=...w..&.......v_.4.+$..5.J.F.....nF.jj..A.,...F..*..Z.....3._zJx..G.iW.o9..}.+V...............$..........!.....:37..z.C......uPyT-.-.......@&.\.W.xu:.G..I.j..c.=..$+..v.w..X...j1.n..s.a....>P!o..S.....z0....".....".....I.......Zu)...O.O.Y_;.S..D....h....0l.7...Y[.....w..3.<.......5)..D....p7Cq.....E........v.."..DX......,.G.uq.!{....l.J..a..h..r..d...B......-.....}....d...3.")..;L."$..n.=.l.H.-..g....4.......Q~9.C...T..R..c....I[t.~.bg...4A......V..!L.9..:;.....o.~G.%..+L.g+...X.Z........RM..kR.R...8.H....4........l.c.w.!z_...x.1._..~.
                                        C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4630
                                        Entropy (8bit):7.960563712595819
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2AC075A0C18F009E6E8A0F192D5668B3
                                        SHA1:F14397991451E485BAEA237D5DF8AA1FD3064B9C
                                        SHA-256:D11C4337F462E5CA73A89E150E675D45EE8258355C137863B714F8FECDBF434B
                                        SHA-512:C5B4DE0BB7B69C0171367AE090EB9340C0A1B6063A6BC91441FE59EA4D7263427F75C5231B3E1F0FB684A3C9DE55CB0A03EBC797CC68646F042CC0D341414DBD
                                        Malicious:false
                                        Preview: ...V.....v.*...um..TO..[..3..Z....c.............u..N......T.t..p...(.....o.........0<....c.j..n.|J.....ew.t{.....$.s.a....F5.................~[?\......:.b.=...X.^<K.6..Y.D._4.P.I......P.6..i.?..%....F<..%.I.Z....2.!..V.9........."..'....7. ....K=[N.I`...:r...jS%.P|..>..M....E'|1..[...T1.}........#h........T}...Hi4.....L.........Qdy"..L....r=..1L..Gu..@'.6.au...+..dS..b=..o0.U.)LD..j. ....3.SpWg ..gK.,+.%........BC3....;n..O....."...>zN.W....v...5....+..~..N|..4.Y5........|............$............*.~XA..F..&.#W+..Q.~.....i6..),m...c..P...[.h..Q.K....?<...@Q..r._\.*.XkM9.,:.P..F..i..uk...6f1....q_..X+8TWZ.wp.V.|.....0..X..:.L%...b..N...=..j.-........e__3&L{G......v=...X/W.........\.....=.....!....p... F.dk..q^........wW......]..$.&..g.G...P>>..L......#.nU.ic`..g4e..@...'."..a.`..+..::3..^m.+T..c..:..1...x.......l...1.W..../.y.....# }.Q.b.^..}6..N..oV..#Z=...m%...._...J.d.=...k1.......\.+...~Y..=.t.O...A#B.............].a+&\f.._.{o..<D.j
                                        C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4630
                                        Entropy (8bit):7.9548462222302865
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:490FC238BC1F9E790CE8867F672E8DE3
                                        SHA1:A1BC13EC673B6F75ACAB7AE8913FF73FFBEA93CD
                                        SHA-256:B517C0D9A45DB04C26079E15CDFAC45EA78C80CC64802C70F8A1BD116E719EF4
                                        SHA-512:2AAC97717D1B7294332B5F9DA91864860A889C22ADB538AFC968AF8B0237A81D3046ACB382EBE18EEE3CC35949C964F22540597FCA256E0A9B6252DD8F7D2024
                                        Malicious:false
                                        Preview: C.3J._.......p...k......[.o.....xA...+.4.j}$&"t...{..h.,..+.F..W...1....B.|%y!..qr..3rt.Ax.....cI.\i.].L.=...5Z.vU.O...G... .?..>4.-=..j.w.....+^H..|Jjh...}....j....{..!.._....y..;...,.......V.....5....."O...._)ri....;-.n....,...-..N$>.._...|1....\*.SH.I.;...W..>.n.r1.o.._...QX.![G.....t....X.h.f<Im..a.~.....uc9..on.0..w..h...u.__x.Bt......p.5f.d.x..EsW...{.]..?...c..;...../P.R..t.`..%V../X.......n).......y..._,.....!i.Q.x. ..cS.A..q{1..F.?.|..p...I!i..B..{Y...Q.......&.Z.Ni.I............$...............Z.+.#......J.....ik..k...N]?..V..l......i.K.LO... h..i..V..>B9&..*}ER8.a..+.s#F...5.U.L.j.......H.zex..*...v_....Yj....gQ).....:T2..P...]O....XKs...=..+}V.VDZz..C##....M.A.._.8...yg!W:M.xXL.X......7t..w.k....K..^..UB.5v4{..L.D..-7....u...........x....)^._..wh....>^...../.".........|..>.....}.... K~...b).*T.5}}..".!^ ..'...}...X...+..DU..P.].D.L.9.tM.o.)...F.BNK.v...p...{~....K.ADc~L...=. .uv.....qAm|..1...)Z~...7.Pj.ja...e...
                                        C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4630
                                        Entropy (8bit):7.953302147772837
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BBCBA1C8F6C25D397E49F9AEB4220166
                                        SHA1:1AE1281CA058AB2F0D6EDFA8FB7C85B2777EACAD
                                        SHA-256:4108E25E3EA6B3547CE5454C2DCB007E8830C421783D43BA06C1E112A4B944A2
                                        SHA-512:35663F340973469354614869FDEDE6B62FFB27D0CF76A196107AF2DAEEDE3B4D4117D2034AAC18764053094B40BCA1E11A27888A84C688DCF2F6E97BC17E69CA
                                        Malicious:false
                                        Preview: ~V...k........O..4....A ..R;q[6..c8..........S#K...h.....TW..,..]....1.....+W....{e..p...0.'_.dY...v...7C..1)U......:..rg..q....=W....x..G..+.....`2...:Dqd.RG..e.g.U.GX...L.[...'y....'....I.9E....&.!....MC.._'u7LQ4..^F..l..#..A.3*v.Z"@.}.'...A..."1b..F..<.l....+....^yM.^YA8.K.^z..[99..*.;...H.M.w.d..m.c.h..^M...a...........s....S..."2EQp.m.='...l..........c.....k....O.d.........y..8...?.2.....veV.K5.%l}...l.d.si....s.h,Ld9.......2.K.....G....>|9~....a.i.2s.0......3....c=>...[............$.........L........(.i.t...r..y....V.3 ...i..i......v..R.QL9`u....A. R..La....dl.^t.|....!..>k.I0....+.......H'...3.../..3v..../..f0...3..]....?.l"`Af.. ....y.l..8.5.W.......)w.u.....D*vtt.a.."dvl..F..*b8...wB...........y]!*....P.....4..3D2.k..:.`.5...(..5..P2TB...B.......c|<G.......(AfB.5..K...~..X.s..F...7.E...-tc.R.j.1x63.50M<H.m...7.....`..x#.{.....z......\Va._?=....*.P.%U@q2.>....p...Q!....l.....~..!..>3...Z...0..M.+.Y...3.Tk..k*.-...Ooi.p..)..
                                        C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4630
                                        Entropy (8bit):7.9487100448088475
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8E4AE73A715965A3C6335C16000DD99E
                                        SHA1:437AC85E1AE87F79ECDBB5CFECCCE0FF576917C0
                                        SHA-256:E9EA5C1CD896BBAEBE75B1B309199BC2ACD8B0B8E31BE78C37CB960A9226D2FE
                                        SHA-512:AF134ADB33D52829F55EF592480D46FBFBF43DEDC4F346D878B0786C88378EFDBC6CCECBFBE4F82D67A65E4CFF734716FC0ABDB1939EF0312BEE702216888630
                                        Malicious:false
                                        Preview: ...2....;'.........i P.1`.?C...a..Va.....r.o.5.FPu.....hV.......{>..K.l.kD..X)'...z:v....Q..L.x}F.JN....t...>..?.0..t..iy.)H...o.^.y.tr~RZ.9...2........x...N..p.j ......'.2..y....3}L9.#.....~/F....h....\.+.=.h.u.R...N.8.ag....7LX.....l..o._.d.........K..u.......YYt....!.1..1....:4......(....`F..\iJ..f.w..z.+=.2......`.>#...........c...S...[...`.....'.c...([..f...7HN,......$.d.w.Vl.7.O.3.HM-...C.|..3....2...3...$.j..C..@#....7....5hY.....b..T.4.....D...&..iL....&0%.a.)...1K&H...I............$.........9w.....Z7<.....+..4KM.q..I>....:.W.x..8}..u..M.e..<|A.Q..b.U.U...euic.P.B.0...O..[./.X..K.......;8..A.D.p.t.-...+......./.R..........jYO...N.OsXR",.~...}.o..9|.hLv .8.O........b.~I.v.y...>.f......m.,-5v.an.)%?u....z..l.HQ[.mGkF...R....<..G#.'<...0cSV?..c......xH...@..z5k..a.!4...+3....[&.....{.......7..L..E....8.n.m.zU...<.F..'....a...8...q.j4..l...qY..........d..E.n$.r.gf..h.....R..<.q.-1.....SK...J.....*.E.*.....{.v...z..l,...900.3....
                                        C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4630
                                        Entropy (8bit):7.953946042284687
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9E5E97A0F966B2EA6B1397505E07ED92
                                        SHA1:1F728AFD8CEF7A09F3E8D3F2B50574FF5A0C7412
                                        SHA-256:BFADFE2427A7B044FDD85D71A48895289877E518E3B18280D90738005D6ECAEA
                                        SHA-512:E58E02EABD4C5B28B2E20F7DBD80DB6E5C873A7B04BC37AD63E1F8CEBC0A9CC5DBCD5B7850EC8003C245B49C2F084994880F1DFF8ECBA9D08E357BF133293B1F
                                        Malicious:false
                                        Preview: ..b.U.&....>C.UA.na..!.....V.w..&...I..p......O.4....x.+.z.e.B.-s.Js.l.{..,\m..+..;..B.M0#..c.'.zVm.z#Y;&.u.I..?$T.}D....``C.b[.7..^&.lRl;...jy...jnnE.. ..^O.#wu.XwF3.9.....V.....f...{..(d.-,.m..q*.>...)0.V.....7d....J.+......../..............Z.C...(.q.f.U..Y4..q...8.....5."}...$+.k.'%..g.ms..a...{..."L..._..n.1.....S.....M...Q.&.@.{AmK.0/..<..*.e.p.`{...M.Xh..".....x..7E..x)..r.Q!.. $#t5/>.L....G>.A&..9.c..^.........Zj...{.I.....3.1_.8.t......".......?.D....@..v6.pJ...p_b..%.. ...M....C............$........../..... .....8.cC...m..r..e._L7\X....;JRYi......HMo`............T.@.....a..b..wB....gE[d....x...3..].W.....8&.|..$.ifb..k..h....*O.V..\y+.l...(?j...r..N....0...1........-.}.:C.......cRZ...Y*..A..x..!..../.MN!....n.....C..;.......!3......6~...(...K)..uHxj..-..3.)....c..`V......-R7.OO.....6.s.:.........S...........I=....:.'P.x...M{f.%...#.....^.M.>S.......fL.5..JI...4q)...Ah...1n...d..~l....O..<...|l..YU..S.TquZ..Fb]...|..|..-._..{(9|B.M.{..
                                        C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4630
                                        Entropy (8bit):7.9624278843982035
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:411074DB22B60B8CD68550BD5403C244
                                        SHA1:E76074FC4231841D98F558D1DD1FF6065EC2794F
                                        SHA-256:464E3B61EF618341106DD9C304C68EBB592600BB28A2C4A3E2D0FE73613C9879
                                        SHA-512:6ACC7AA1A115540DD9745CFBC9379109B3BC2219B0169F218FFD52CEFBE53735142BF34A99D6CF67D3A9895A0015CD9FC1EDA04E094B9A731DF2970AA2DB4DFC
                                        Malicious:false
                                        Preview: .,w9...E......g%.U.T...*.u......u.........c..{b...G"...6..]...z.{....i.....u5px.S..f.g&.y.....P,(..1B.v..79N.\% ...(F.1Oz..1._.:...:B,.D..3q...w.*3..v.j....k...3.....6......J_]....*....Z...1V./..iah..b....3t, ..GG.k1.....qi.nP,_....9.X..?}.o9....?=i.Zk..<... ........F......B.W(P..An.ne.QbZf.J..U..x........*o...7Ij..zs.....;..&...r<.T.G"......KW..&bY.f....../;J..LgmQ_.$_.j...GU.r.x.r.eJ.mc..G.e.1..RU=.!>G.s..z..kQ...?.Q/o\..i.l...".D.v.....7..I...%.R^.B.p\....m..qa..>(..p.z...5L....Z+.............$...........>.w:.(...X(.a|H4BZ.20%`..A.3..KB7V..;..c...<m.L...)......6.i...I..f....N..\\..OS.V.?u.5s.4.'..s..l)Z/U.z..C~.iU....`.>o...@.._XG./.:..BQ<A...<....7.j.G-..uG......>Wo.iz.....x.a3.m.BL.x&.....G.<.$4 ..".d!..e.....>.B..1......t*s8......._m..~.MK1..c..|5...4.m..:...sWL4..T..{.".cn..2b..-.i..gA.....Z_"`u..|?\.7.c..q..3..x...O?..Mb.h.@..L...`.-68...n.r.....x......L....[.M..C..........(..P.........GAl.L.......*:.)....~..+p...X;.J&rg.!.Q#K..V......Z...
                                        C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):8726
                                        Entropy (8bit):7.974649215013609
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:85CBAC040C68CE00F9086F74011AF8D3
                                        SHA1:BBF8BE31F32669C6D781A70AD4C55FE5A7CF6167
                                        SHA-256:2476807EB52215B5FA556367D761CFE774559B134BA0F5D9340DEF7780E4B983
                                        SHA-512:51AEC36C8F5C2EBBE2157ED25B8F32BCD1C1BF1482158F151BBD38856548982ED03E08B0B1FF13F955FBE5495DF2CC2973A6D40975F8F69F306DF33C5DBF464F
                                        Malicious:false
                                        Preview: .U..9..iP....xk..7..[isr.p..@....c.....M..4.j}.\..gr....}.3..]J.<.6.,.....P~9.....e...T..4fu....Ip.E..S......V........nh.....b..LE.....0.N.14.2.e&..!..}h.H.+~.4......K>.JZ.s.....2a.......vF......[ dZk.......,....!...C.G./yZ8c......R'.*....zm..7X.)....z....I.-..Hh..v..~.FO=....z....F8Y<.v........M}*..J...a..M;..9..Bg.......;.1.b".=..A.T..#.M.7e...I.<*@.h..kB...TE. 5E.....&.7.tP.oC..v.fU.1PE;dT.....3`.............\U..5...?....L.-k.h ....0Q.....9..v.....xi."..u.FW..C....X.k.{.....S.f............$.. .......}...{..l.o..Q.b..U..@a.r..9.<.\Y.U..#C^.0.............F.^..R"D(E.u.K.........0..7.^E.|2b..<5)^.v....EZ.Zq.t.fP>a:..Z7..-...2l.O.........r..s$.3..Y.5..J....Q.H.`H..........XZ.2...<|..h.E..?.+b.9-.}.j....l..L.umx5.G.=...Q....k.*.aJ.&....o.L+a..dJ.Ol...l.<.S..-......i]....~.87\#a.,.^5/..E.f...B......jv%............'9...m..[.b.Q.II..*. ..{F......{.C<..D....z.2..h..%...k..W....^.J..2j..:r.i.._4h...mrH...8{..e.T..j~.....<a.. ^. .7X....d..l..
                                        C:\ProgramData\USOShared\Logs\UpdateUx_Temp.1.etl
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):37398
                                        Entropy (8bit):7.9947604542063075
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:912486550870E4F1CB6CF11E7FE912F0
                                        SHA1:72DA7F3D9C6A930356EC456EC4D3F01A19A04DD4
                                        SHA-256:B3B7E6A686C3EE38A5862214B6C973058484B76B5F4AED22A2661D67EFF09590
                                        SHA-512:ADAD9F770B4366B45EFFEC0A8A9B0B74E410A2A990018D88BF07B23050BE4B204E61F2C117AD3B09D08DF690E8DE6D708F85669AA4C1C4352425FEB0CA5B080C
                                        Malicious:true
                                        Preview: .c...r.....}.}T.5....U..S.h.\. .~.Eo....=t.u.[..w.j..>6)..9y9..u#[}.n@....2g3.K...W.2=7.N.I.5..5k..Gt..........g..(z.,.2..m.,G..cj.4...Xw!...|.....K_..'&,A...<d..8.7....P?..."..RN..sWczh....F......|..+.....JY.f\YH.....b.s...L/~..?.PB.E......[j.-].[.O.........3.w$..<R,`q.....g.fMAq?...T.S..Q......EUF,gg.F..=w.....vu\#.0.1[..._H.|.........Z_....g..2.~.Py...$..1m..o..V..;....V........g.J..c8......9..PC....^r.R;..:..E.D....=..R...H..S...B0/...a....W^....&<:......$...6.;-.mh`.Y.)..HI.{-...............$.........rN....R.j..Q{>l.1..[].XHKjQ9.......?IJ1n.'q....}.m{*.?>...9Z.5|;N.....,CmgVMN.(..{...k...1...X...5...:.....?....w..{6...d...+.".CGR......P~Dr.....`~0..#O..-@."..ln..Z%........U6.Uf~...F.IQ.$h......gr...z.....0y,....!..v.m..0R6...2[p.5.+\.......0....VR..BB.....c...s$R.....Kd.....M..T.g.....F.v...G...R...C...>...Q.8D-......13nJ .T^.c<....>Yf.0.,...t.|.h.^Z.s}..U..2+P.T..v.!A.6^...N.f......,..9.._.w*.g.r...:.A..9v...0..~||B7o.^#Q*fUS.
                                        C:\ProgramData\USOShared\Logs\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\USOShared\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\dbg\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\regid.1991-06.com.microsoft\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Microsoft Office Professional Plus 2016.swidtag
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1599
                                        Entropy (8bit):7.879628947132337
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CB28B8DB021EDA7EAED37B284BC42D70
                                        SHA1:E384807AC2529573E034B12C2C4F395B1C126D67
                                        SHA-256:01C624FC07FD8C5CA0CE8307CA336E80E3EFE5D5F476D71C8C9E175FD506E179
                                        SHA-512:3F65EC392623909FCF4CBA8C18792022DF6A5E9DA715A878F6A70B101602ACB5590516FED857BC1DE38250050B761D1CE2D2F1260D8195BF7C82595210896386
                                        Malicious:false
                                        Preview: ..<.Q.H3....T)...O,.@.....K..(Z.......zZa.......>._.%.H..*.z.....v..u.`5,......oJ._&...m...xJ.E.u..g.w.4..r..oBi.Av0Q.<..c....!.5.m.3V.5I.;{.......>.FM.....=...F.i..~1z..N....G...n.L...j.#.5~J..6N8.F..X$,..{..8"..`&zj8#RvZ.?..y.&{....wD...d.8....W...?8.....2..A.g.|a\.T.lo..c...]..@..Q#.b61};.4.......R..).Dc...@,>......>.].......X.H4.7-.......=..\.}....s...<|.m.=.......Z.."....w.....zk.._.....r....7K..U..!k.R.....+.n.[. ..'#8......lW.M....k.........M.3^.:$<.{.......D...p..S...#...qCEG.Z............$.)........I.5.4.w..r..Iw.....\a<...d..:T.=..6...Q.G.....h./?G.D..e..9...e..}.D..&...m.Al..)l..p..J8...x.xo>\._P.:0...W&.3....8t......l....=..G..Jr^............}]...qNs.o..n......BJ....E4.2.r.$1D.........9Q.U..E.*.h.:.).....s...K.-.E.....K0.....p....%r.`}.9.*...w.8...ne1!.......kq....$`+g.g...m}..).1........x.`.=...T....e]..B.4fGM......._ws....&./..'.+.*^....Y>.o..}K..3{?]..;.8.....$.R9..L.......?.kAm...=.D.W.0c..*>..1,..R.d..n.......d....-0@...
                                        C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1527
                                        Entropy (8bit):7.837062794202608
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:DF317233D6FB819F56295DB7FBD4D408
                                        SHA1:A6311DE8818FD95A46ABBDD7E9B0AD02739EAFB0
                                        SHA-256:43AE4195AA0FCACEEDF2A68D4A513ACD74094AEB12470FAD01529FB29510CF16
                                        SHA-512:D175B5583B86D978FB5F09E242A6A40336B0DF04E7CD1D5A83441EE3DFEC33120D92556827B0F85338B5C55569606E0E0B8BEA11CC62BFC6FD4B91970EC0CCC4
                                        Malicious:false
                                        Preview: .l...F.T.$.S....a..D<x!..,.K..j;.P9~.....6...%<.t,......q.d.J.....U).......l.N...&?..t.&....w.-.ftUc....4B..F.@.8h....`>N.L......[..c>.1r...;.7.I.A.\d.^..t..7...8.GF.B#...?....}.)...a..V]....3..D1.'.v.#..1).T6[Z..X.+8.........K"=..!..sC......7<.p.....l~C..{_7.-J.....:.YK..t.O.CET...s.C....~{.A.c..W.}..n}.+...LL6.q>0..=..b.....U0..g.u..[A..h.D.^.4N)...].vB...~d.........p=...UW......^..?-...W.3N.U..S..i.......W_..q....~B .a3..U..]...4~.:....3w.r...eh..xL...b....gB.NR....9..^.{..f............$.............N.)].E.%."..)./..)....T.<...r/.........\.sQ.g.=.n6,.7m..@.....E.^.Sp....._w.4..[E.x..7C..c..Rq^G=l.T.].!.+,..V[..ug.!.GX,.>wm.*.....f... ...T...Z.1....2.....l...!...Ot$.3.f.>smn ...!...,..eZ..}...=..{>X...,..}..S.O.V.P.6..5..].zY...]..]..h!..~d.>..hM..1..m.F.....p.Q'8A.l.......VZi6.....Z.Lp.....%.m&9..P....._./R.s...M5..}i..Oc L...m....u....."9.Zg,@.1!....G^d Dm.Lx....(.W{`..X.h.Y.Q....".Z Ck..(.{........Ac../w....*.w.c...B...2T..E..\
                                        C:\Recovery\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Default\AppData\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Default\Desktop\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Default\Documents\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Default\Downloads\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Default\Favorites\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Default\Links\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Default\Music\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Default\NTUSER.DAT
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):262678
                                        Entropy (8bit):7.9993193660885185
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:F0BB20FF970CF88B8F86FC7B7C83922C
                                        SHA1:ED6EF16AEA08EEA0EF7A81BE58AF3B38AEA5D670
                                        SHA-256:CBE8B6CEC88DEA43E39C43BEE2B26F625305B72B90720FA471ADFC57FECB189F
                                        SHA-512:22630AEE5ED397E874BF3DAC99D7BF61151C2174A466C7C00BA4059A09B935838A81EFA02D82C7258949885535CB302F37B8FB5EEF370F11545C02BCF4291CD0
                                        Malicious:true
                                        Preview: .8..u....+...|.fR.".........l..m...ay>WT.4k.......uCKj..2f{rb...`XP.uc3)y../vT..r..Uv.....-.g.3.d.v...3w.$G....9....0.>.j.6 .."......h...H[.S.E...o....5..y......U.20.. v.j..+.?^<du..iSF..>[@-..e._....C..I.e..BH..w...E6..j.{...^....F.-..J.....g.."H.qi...E.....|.'.......D....../;.y..G......1{E.SF.....G..F.8K....iS...uW.x.....w..}.=.5.10.G;V...t^.\^.s..n.W3u..Q...?q..s|..1.W.+_n..f..W..b..v..........V..=...m@.l..,b.....Z..TmX..Jhc;.d;.....ed'...%.].m..T.p.}.L.m.(W..A.x.z..q..............$.........-u..S...y.E....'Lx..r.<:....,.XT....&.p%...^....Y..j..<..Pc...S........d..Gg...g.s2p4.X.(>...Z.34.:9`..<]=-x.v..>\....-f;.y. D...9,.1&.&C.)5...?K.Z...`X..\W.w......._.3.D.Q.)%...o.......BzX...bw..Y.P;X.....\...Z#......=...GN$Q"....3.x.:.......'T....s..e...d.^o../.Re)....G.....|k....~.>=.y..X.P..@(..{..D.....~.f.c.>...E..f......dhp0.;.r..,.$.?I"..'..b....z......Q..o.:^di:{..Fz...[...............h..,.e...]q.Xu58.Q...)k 1.q v.=..#.
                                        C:\Users\Default\NTUSER.DAT.LOG1
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):57878
                                        Entropy (8bit):7.996809324086546
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:6D3CFE66B6085E177B7E0FCBD5007529
                                        SHA1:37877FF51D14AEB675C81B889247EF591726AC6A
                                        SHA-256:1EEAD6DF3B397EA9595F048FDF33EC6DECA11BFED6E23A66FA10EFDB109717A2
                                        SHA-512:BF8312DDA0D87D162F7084B5AA48425BBF68B2F7B026EADAF0399DA82AC04C5C584F264E5FE045985B4AC7727198C1E3F6A3654ADFA610CE3530F2CC3019C33B
                                        Malicious:true
                                        Preview: Tk....A...,.(.~S../.;s..m&.n..\...o.]..5...xM..Nf.........3.S.L.....(...{..<......E.p..:.f.pW..m...........*.....y....Fb.w.]0Fr{.A.....l.L..b.ZX..4o..&.r......zO...<..y.x"..`...|y/...-........2.Es...8.....W\.......{..ks..K..>.h..C...o...{#.\.2..!.;...p.J.b.<.\J.1<........=.z.........T.x.>yT)../.=.x.jd...?....t.(..|,...$2..<d.NP[..P....s|....z."..e..3..<....r.{..v...P>-.Fn.../Y.....3..K..a7EoS,...U.i../.........x...q8k.S....G9..J.f...........NA.Q*.U.........U^..[.t5...@~.zJ_.2...p............$...........;6.q....C.+..iv...Cs9I..#...6.$.G9d...u.]T...{.g...^d$#.*g.Ec.W.Mz..6...e...0...e.~...<N.9yC^....E.|{>..I.0.i.b.Vp.4...f....J..zO.M........(.j.....S.M..-kM.z&....v..#kl....%....;...p..AT....m1L...E..IK\.?..*..Oj....g...$.*b.C.p1...;3Wb.1..K......$...d.5.4$.P`J..ly.U...O..l.s....:=.6...`.i.......@F.G.@...(..;.o_...[\..VI.O....ZB..<..6.ez....L.....94..~....|..?.._.].qgK...9....$...1..E.C./..$.PE..n"]..7..j.D...%.Y......y...x.;.+.m....,.
                                        C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):66070
                                        Entropy (8bit):7.997130231934923
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:02FD0A4FE975A1955C9F7ABEBF4EC3A8
                                        SHA1:47BD205EE782571117C9A925D0402D15583DAB18
                                        SHA-256:5E5F4AFB596BADA58D4CC68ACEA6FCD2AC4C2540DD488733B9A35E082BD5D48C
                                        SHA-512:67EFBBBB0495610063351EF34E5D62BF1C2814AA22E9FC57DC2A9979A1CB7E2DFE08A892A09AF7D2AC75A57AF223E68FA4B43E75836353EB024F138229503FBE
                                        Malicious:true
                                        Preview: .18..B...L.....>.`..;."._mL.C...[..WZ........./...K...4S.~..TSMK...f..,.F.Gn...T.HpV....g.?.....*5-...8N...&Q.?....--}.]T.8.{O.....5...3;W...=@?..~*#/.u..f....rX..._%........+.)K...G..}..K, ..N....^?h..\..7lk..A..7...k....m.......%...Y..tik4........+EF...F..&..9.."...T.$.t>...R...9.v.d!..........=l....p.`- .n....|......7.../.r.R......?.H..4*a. ..]VJf(BH..........X.....v..?..._.]tJ.."X.......e.......vRL.V...}.......+.2....m.Q..' &....O../.^...JV..."!K....R./...!..sG.&.-..%.Q..3L7.=N...............$..........GoI.N1V;.z!...lN..X....n.*.$^qf.d.d9..\....+..j......F.`...T.....:G4.....?.s.>.3.M&.~*-..g..@......\.".Hx.{Fk.t.!..g.+y$.U..A..w.g.).E.l.e...6..Zg[b0N.h5j.~.i.E..Hg7v;.Px\.Rk...`.#6{...L...X....V..t#.P.c..T2g...1....aQ'_.V.q...T...KFb..].....+....~..n...n.t........(f.mx..L..........4.h..t...;....s.l.eC.q.^.P.._..i...u#Z...o.}J......D.......5..M.o.I.*..v&b.../>O...X....~"!n/.5}.t.a....a....&P..us.....x.RXX..=..C.Q^.vul....k-D.A
                                        C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):524822
                                        Entropy (8bit):7.999689522033679
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:9C4BBEBBBC78B2C1EA167D75178D4C45
                                        SHA1:8B60AD1F3D8393CEAE490AE46B22998354E08C67
                                        SHA-256:573E4AD45A7E696EF61E60B79E89C6091647DA811416D0612E7884F56F4F8A4B
                                        SHA-512:E070ED7B73E0868342CAA243FDA80F66BEC3400CA120A282729EBC2F5D3E56D051648B42049F98E680E1227ECADB3FFD054D41A498ED43DD047FC352BA03344F
                                        Malicious:true
                                        Preview: .X....]$..=..o.....S....l 2e}......6...U....gT..H...e..ep..a.Q.{......'%.b.N@.O}.'l..9M...$...5.....R.4...Jc....KM.....3.3. 0Z....$.&H..+.5.....njU."v..v5.1.:.....I.D.<.@.L.m..!.~B..5M$>O....B..&,F......6.9....m...O.BgSm.A.S....6...;..~.'..f....d.....>!....#{.L?.7.....w.J..&wL...|.QN..........4J..w.:m......y.......7.W..0..4.,J.h.Z...&Z.."...-.J.......R..f[..(D..uG...>..v..!N...6...+G%....d..qu.".....S.<99..&M_....d.../....hP..._.N..b..I:....x.\-r..H..H.TF..s.WF.}.V......{7..B.<............$.........;Tn..+...Im.i..*.l.<..GHq@.).-.*.&l..k.s1......0..K..g.r..%............Z...u...eL).m.......(.B.......^0..Y..a..k.....!2v...=?reK....S>......}.@?\.......].3..e.Y.R...F.....^[.(......:.o.......{.......i.C.... ...U....Y...<F.....1..w.-A......%G&.........A~..N..&.............#..$...}........2.-..7.-.M.c.d.%......A}..$....&....,p...9)0?.u.I.....Z.b.x.;*.K......?\... ...}....._....~..hA.).:...._.J.zp....[#.Dq.k..._...PQ..2.Cd.n...
                                        C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):524822
                                        Entropy (8bit):7.999637467742101
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:F34F0952AA312CE55D6907EF3456B782
                                        SHA1:38FA3A2F4EAB75578679343BF969492E0B42F655
                                        SHA-256:85C9862ACBB0E76928EDB5D1754B61633041E55B8037D3A298BA14C7E35692D2
                                        SHA-512:3EA713E7A02E3F171FF12F7FAF6EE236C98BD4E12F50AE9361254F68B1D747B140742438CC5DBA38E470FCC073DA02A1E513DA0FAAA84661BF12183D681B09E3
                                        Malicious:true
                                        Preview: .K..{.c.9...G.p...SV.[s...R.......j.....,.u{........prk0........^.!...g....(...!.z'..<~..i..}d]....d.."2...^g..Z.@o....T:.f..\.x-..'d.".2.$YT=.}.*..T.{.5qp...w.i.|...7...d..&.......B.8..W&..._7...X.iQ..G..8..Q).C.}...)...e2].[J.D..g[.p...Ij.F<...R;.Y......:9=..|.K.?...._H4.U...7..m.u:.k.V<P'}{H..r....Y.M...k.....$'l...P...n.......3S..@....$Tg.qP.@..R.../......>.....K.[.L..........P..D....7P...%{.{KYO.;Iy.R...qz.].Dy...DZ.'..../.....5P....jWB.....`@..."......k.@..i....I........t.U...............$..........i....pj.Ml..Pe?..t.W.e..)..AB.Q.:!.l.......4$.A.K.F.+...<U.M......T.8..%...D).~h..~.x.[.rL8p.j-d_.8S.y(..k_..RA.-...z......)..5..4....)p."..W.20.s..p.1........d.R]......AC...,mRv.-.C./..p.1.p..L..g8..NSl.$-T.i..j..a.. f.7...Hz_.:.4........_BO.q..........(wW......<.H.....e..[/..U.....t.7_....Q..6.x.\.8...n.2...RV....Ki4.un...F.x.<..{..x...L..............._....Si......./U.1.-1.ZI....j.4.....Y..i...c.V..@.~.#...1-...B).....u.+h..D..}...........
                                        C:\Users\Default\Pictures\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Default\Saved Games\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Default\Videos\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Default\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Public\AccountPictures\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):730
                                        Entropy (8bit):7.657926993299482
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:230045CDDFF955B590FA2BF0D8F75A9A
                                        SHA1:99FA45693DF521958317D6655FA0226FE20286A1
                                        SHA-256:FC802237FDBA296630A2254BCF3041686298E64E0441BD54273112E24731D499
                                        SHA-512:AF5FCAA4322B55A4D40A37233542EF2078BA121A0C577B48E75DF69E0F13A6EA6AA22A96D2D1D4E91D9626F4B85DB84E58602D320205FEEADA5CD25D37CFCDA1
                                        Malicious:false
                                        Preview: .rH.8....Fo!.....,@.S.b-.g^y......<...Fb.M.w!..c.n.......2{.V.,....\.....3.3$*...#...]....M@..A..5]Z....J.,..T@.R.X.'LW.....g.....<.../...#..8.eot..Jb.F...fCU.5_......".1..L8.W....^`}.T3...F.......PS.oF.}..F...!..KG.`.#..v..w~.!....0.l..1...'.6[...hQ.7..2.....'....L^.....l..........o....*..,2F.}...0z..i[...u#.&@.,..zv..."U.7....{..6WLf.b...j.1...L'..lH?..\..xmf*...0.{.W.F.tF.?..N.#.f...ta_.+..?.|....o....3....r.a...[<...zH"vp.(.<.U.#D......&. %.......b*.p.A..pRw.../.@.......H`G.b*............$.........~...........$\........b..L~a...=.Xq...5_...X.B....rwtu...2..M]..P........:..&..@.mg.....k..n'.L. /.V2.|.M_Y.g.......[....iM..E.[...8Ji0.H..@.8hk."....*.u..k..........$..M f...q..T
                                        C:\Users\Public\AccountPictures\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Public\Desktop\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):708
                                        Entropy (8bit):7.680486417998971
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3A252DB913D8CF2E8EF8728F0A7FB2A3
                                        SHA1:CF649354ED7E2CA8383977FA550814758C06D54B
                                        SHA-256:1BB86924EEC133A5AA10E3F17C81EC66E6A77B0DB6333CE66EF244D6C553F4EC
                                        SHA-512:9C8F35EAE1643FA2E62A33A9BFF2A1E5C0F7B4B5935F58D900DB11C69C5B3BCC32FE91CD315C4047A4A015F5187F0B979C8BBFF42A3D36EC3F82B0F5F55779D9
                                        Malicious:false
                                        Preview: :...Gfe....k..Gl.2.?..\..:.X..tf.B..m..0Le?Y.qb..9.....p...R......ud.M g....LB...St...^'aW..qF.'M5......gn..&..yR....M.....#...K.r.@....%o.3...>~..k..r......I.;..wO...^..W{.2}V..4.5..c....*...p..<.w.@S.........y..3..........!.Zq...)<...y...?.dlg.i1.G.".....ATy.*{$....D.U....*.~...v....M?...b...\Y..../.'Ki......`..!:...v...5~..w..'....3.s0.....S....$.....@...mX.P...'ds..$,s.p....3..4.g.....J../l....TH..dC..w~.X....H..........x..L.,'.RJM.,g..w..*x.HMB.&'.x..sU5...tU............v............$............U"...e.O.b.;.]d.....m.x.J.m .......ked..W9..WK..wc).....c.:...K...5....7.q....4...D2.m..+...n.J..5....|.......-..k.u..]F......+...%..aY6.|..@. ...D.D._F...L.4..
                                        C:\Users\Public\Desktop\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Public\Documents\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):812
                                        Entropy (8bit):7.659606138264096
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BFE404B35DB67DDB95C0ED66D8E79F6F
                                        SHA1:4475582FFCA1FEC1A7659306330D98405DA75D4B
                                        SHA-256:7238C46F50E24BD17CEE7F102CF300085E6556ED92A41688F978C490827C53C9
                                        SHA-512:B49F7807C7576FCC2E0F03531607D7905E23A902DC4D7BBF83BF0038538A7965556027B2ACD2231663354B097E7E47AF6DBE22E864F2F62EA9D77BB7995A122C
                                        Malicious:false
                                        Preview: 3.=...j..*..*.6..........}.....z@...v....ll..@..v.....?....@P.+.$q.....L1...1..s8>...G..z....1.7D.....K.h....?..(y_Ud%......R....=t.......Z...w..%#..E..]..@-. ...........sw.S....O.[\..3..R^.8...5.S...A.....I...s./..-3.i"..0T.n:.DO...YW.A...."....s...%.H..<..@......?.....}.Y?.a..M...6.(...N&..&..Sk.:.g(...,.?....n.o........K...L@{.*...@:...s......X..D:.N....X0.".4.y4518.._.I.....;...^d...#.......r.C.*....Y:(l............l.TC.O.pY"..-.s.+..N....."$.9.4...(...h..D6.^..Z.{X.p...Y$............$.........?gn@.q...f...SJ...../v..x..>...;..&/..m...X..[...?f.-U...P..$..C.R..A.f1.d..nB..YRz\:p._..HD..y..o,..O..Y..h..Y[.4?m..C.....p..n.k0....~..h..%p....(....=aw./.... Z.]..-.d...?.....0...2M.@.yMC....d....K.x..z4.W.....dX...#...4..'f57F."....\..K.mP..#Q.........
                                        C:\Users\Public\Documents\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Public\Downloads\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):708
                                        Entropy (8bit):7.663459189852806
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1D8970E82EDE764519D81BCF88FADF2B
                                        SHA1:6CA2A54B34D3DCA375F5CEC7EB6A218E833068DF
                                        SHA-256:B13BA67F9C8C69BD669BE359AEBBA908D0C91A49FA31BBC6FD545794E34241B3
                                        SHA-512:E677CF17999E36697FE912F0F19F31A9032F16878071F7607AE616C20DC59BB762250A166B18042A8E13C575E35B652CD9C69F8AE6563128DDD20EDD37EA99DE
                                        Malicious:false
                                        Preview: .r.E..$........^L)...!.V......0v......GY...u....=*.S..:.v.To..l..ho..\(.0..R..&s+\.[......r..,.&`.8.......}Pj.Q".;.'...\Y].....+.....g{....O).....t$d5J.n8.2XG...d^5....T...,....e+.)..0GX..X...u.U.u .+......H./.e....1;...!.[...v....2$.....!W.....\T..._...N.$S.!.B...5=...lE..>._.N.x.*B|..1.......cY...._U.(.{..vi.w...%..G.h..3Tk'PoK......r.1<..8.@..5....2"..8!.m........t.=.<.t.o&.TC.....$...7 ..-.......g....Lp.N..@PU..(.<K.M<x..Q.@.c......A..D...=.W........N....y..h~..koq.N......R.Px9............$...........iiv........c:..7.:O..F..gN...N....g....E..d.^....a/...O..c..................R%..\.G.Y|..I.c&.6.2.\6........!...(ljb..5..Z.Z.L.k.M-{..G.|!.._.\-J.`....x...;.(y..s..
                                        C:\Users\Public\Downloads\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Public\Libraries\RecordedTV.library-ms
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1533
                                        Entropy (8bit):7.870359876925375
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C2204AE96B49A9BB777214F53867AFAF
                                        SHA1:ACC6EB711E627B9708011E0E97C607C70EF24B6D
                                        SHA-256:3327B74B8BD48D9ECC35927D62D1681FD80F6A35CD03AE161ABE5DDA3F670642
                                        SHA-512:6E26167AA0735E44A31C6524A0B7AA2F283C7541713A619329B0BCE4D1629CBFB8C52E62BBDEA8E41FC06B31AB042BFCCA7B4B2CF45C8C66B865F190357A183B
                                        Malicious:false
                                        Preview: .q.).).L./A.w./...~)..>u.i_WI=.M.3R.....7<D.n..B.W..v......].9<^..........M...Y...#.7..wX+Sl..7...N.aZ.A."."..(..a._._.....3.a.!V........9...5*..?$]17r...b.x...(n.-...s*.B.sZ7...-z. ..D2.x..k.'Q.-....Gn%=.;...Y..d]....x..B.R`...k...O.......<<&}...~.>..ll y.L.4d.;}..Y...2.+N..........R.i2........8.....t`.Lyrd...X.^pk.D..#...nt.....X&d. K.....c.~.......mznj....#EF.&.7..0.d.f.P..}r.k.}>...^g......L..T.a?.D..5.==MaK..&.v...\...../..I.C...x:.:.p..}..._J...pp...L$......*+B<?.p..a3H..e....9N"............$.........s..Q......?....,4h......1..?..~"D5...0..0...o.\......2q..o....-...C.F....^.'....o.....[..Wm.....(uL.yD.@.7.Fe...~IH$......r..n.ElW.....)..k......F,&..R...............}...N..0.c.dF..|...o...:..p.1..ib..X.V....S.9]......."x.8.l?t."g>..\>Qw.|3....fI.......oz.......&.....]..x&v._........!.RT...)...p...E@00f..l..YLP..(.a..N...0 ...}.....ZK..Yv}%...1......R..jc.+.o!).....[^...n.\...!..Us6...l.C.g.....<....{Q..).b.4..2.7...O.51.$..<}qP.7.g@D.e_p.FP
                                        C:\Users\Public\Libraries\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):709
                                        Entropy (8bit):7.63997196864708
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D3C851D5ADDD33DB056CD7632B149C1D
                                        SHA1:63549AF29CF57B48A895D9A47352CF39756AACA2
                                        SHA-256:3783ACDB12C9DBBEC4968CEA466241A4854C314FA71FA6C384DFD2A7F6E35474
                                        SHA-512:2C62CAD265EE93CC05D48008BB685E43632B20B7A23DCF60520C07C4126D2CCF14857C22F073D29184A77976EA95640716BF8ABCFED5AE03595D2211D4392909
                                        Malicious:false
                                        Preview: .<.;.P.....'.'=.~.....6.21).Gd..0....d!.T...D.7..cM;....o...Y.QIvB>8^..._....xUS_..>..]...t.....A=j.........!p..z.B..X.$W....YQ^.Z.dR..._.....4P.L..v.....]....q..o...&..............szU=i.a..i.E..8..w....._!...8k..2.....Hvo.?......d..`..t..9x.3.z.L..t./k.1.<...rc..4.L?.B..y.%-.nq!2...a@.......;...b..4..e.]..#)T.1....z..4.....86...T...E...w.1..A$.n.d*.:i....T....n..O...>o......EC.e..m.../.,...l>.c.Wh.8.*..sM..E.....T+...*..h.....nW ..t..^.%........7...n.F]..]...gxw.g1....^..Q.Q\............$...........4..s... ./......U.B.yn...?.uOD......C..W,..4.P.:...l.....9K.&eq........!eG.>..ug.....T.n...V......}.S........^r...c.Z.....j\q.&;7a.>].....#^Qo...q.........~..d|f.e.w5
                                        C:\Users\Public\Libraries\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Public\Music\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):914
                                        Entropy (8bit):7.760515800610119
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7119DDA0F89520DB24F4D787EDF6552B
                                        SHA1:7677172BE79B90AE8B2B3F488F2FFC8E3E780501
                                        SHA-256:93E1F8EF271C414E7E30ECF447D4B8A9587FE042F87A5016F99F05590658B441
                                        SHA-512:021D540AA15FB7AE903281D048AF8E5C674D99A6C6E6275C1A75A065F93F5A5F51AB151CBA443C4DF409956A0ADE94D8BA5CEE0372D79035135EA53AA7B0C556
                                        Malicious:false
                                        Preview: ..T.j..m.<..U..N.d.(..`m....\..I.....O...Jb..[c!.).k. .e.$..j../yN...p........._.^..o.....}.5.'.....~n..p\....|.:.V.N....;8.....J{.:48.....EL.nQ.<;.+.5..f7.A.c2j.......X........U...m.W..G......0....<.B...".=.......^W\.}..x...a.....4.4d.#.<m..$.....b!.p.;.E*J..X.`.$~.M.Q7....GtB.P..>.."..u.r.[..t...dvl..v...&..G.P......$.X.72n%yZ.......?F...WKj*/@0..|.,..Z.......B....t.H.FGjx..g..~.o.m.0.S.....e..\.}..O.yF....v.I.h.....y!....u)8.u..?.....j.?.G.._.x.....(j.sO..|M...oz.%I....#.............$.|.......p....gL.. .j!.D.8L.....R.......].r...>..x..D..r".!.......pdiBK....M>|...<}....R...S..g.O..2.[........w9|.d...m*.N..q.k.MW.E..BA...s.;...s..pY.2..'..si=.Wg./..X<..........V..].qs.<p...XT....S35.V..@..Z.OF.......d........Mg."..t..P..8....Z.co.../j.....Y.,...-7..S..[.ys....!"...".+<sr...p.p.0.H...^x....#.......!L....3.B .<..-....\..<.=.T.d......)...+..U.w.T.
                                        C:\Users\Public\Music\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Public\Pictures\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):914
                                        Entropy (8bit):7.71570098763315
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9AD14F91DAD5D543E68CC1B4E8F0C56D
                                        SHA1:704357F1CBDF804A2DADE3CF578A879E90DEC6CF
                                        SHA-256:1052F41E0B2A1094CAB61AF40521DE2C5F9182E084CC6C4C3DCFEA91EA7E77F8
                                        SHA-512:6D65ED399E36E815C64AD1CDB131C13C963E2917B52295BCFC844094E9B80E2EE74F341680F66AB86C09EF547FC0A91EF37036CE40315A342BD4F4D2A111A265
                                        Malicious:false
                                        Preview: =...#.......o.DD8Y.M..a....q}Z".7..[...U..Y8X!I.._.j...OR.Xhy.3=.Y..C..p.I.v.}&..q.j..(2....<5.".]..$..zg....q.......sHr.mZ..<|/..F...#.c.2.M*v...-.awH....._.A..L....=Ar..|....>yO..-.U9..lC...8tq.v..<,!.d...X..`'.N...1.q.\l..1.b.#.3G...9e...'.=.3%.s..]..9R.....p.O.wE.X...h...oA...W.\@....iR)>|/.O.V.>.....=7I%Mr....H..D...qd....L*{...\J....%.O.M.b'..{....h.@.cA.....I..@.<..n..M..w.>..-.5..R.~.S...#..-.n5..!...iJ..s..!.V..|.."..3H.9.X..OO...Y[.B.....fh..'/F....'.?...p.Z.d..A...6.B.gkh............$.|.........m<nrtb04./|.....V.........[.c....s.....n....%..p5\%Y...r.......r........d....eQ..Am.....G..7....S...^.`...W.(.....M..C.q>U.:.x......7(...m.........?.|.....E.s..%8...~9..cP.....Fi..R..^.r...].<X6{.C]..<...#X.....E.....c...\l8...b...$kE...S..}1...|...t..n.,v....k....i0.Y.}.]\.lH.......L*.l..n...DQ./...:B.]O....2..H._.M,h<6Y|.Ud5.....k....M...%....Yf.-.S+.B\.B..
                                        C:\Users\Public\Pictures\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Public\Videos\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):914
                                        Entropy (8bit):7.75080771102189
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9E9A34E7C336B2DD92119602E644EEA1
                                        SHA1:87C7F3FCC037C011654FA4AD3EA09E323767B13F
                                        SHA-256:E4261782E87B30C769C0FC513F295F16977415ED2CBFE573A9C94A51310EF9EE
                                        SHA-512:F724FB6AE27C2541E63B7C5616591EDF3D021259358C0D4679F44799FEFB77CCC48A342012217699E11D67FD2A81A30A42765C32BA175BF0CB3F09231FB62488
                                        Malicious:false
                                        Preview: .X<.r....o.[.Y0.g.k.0}.....V.....J......p...}..3.j.cS....Mp.Mh..........W.$V..#.>]....[D....p..z.9..<.8..@.......$.....AN.T-....H..9.:|....&..)..2./..6.2..]..@..wp..7.6....@...X...8^....vSa.`^........C'Q...-..Q)[.'za..h..'... ...W/.8F..z.Utb.Ia ,...=.4...}..<Zj(B..Xg....2'.yh..>....U..$.$.....n....i-.BE........%+..!E.....D..J...W.5.]x.....k|....(..Q(..b...>.d."...k..&...>..V.C..oQ.Hv....b.....3+,A.@..`.0."V.}.Q4..V.Q..F.x%....^..S'Y.R..c..fn...o.."..@K_...6.R.b........bl.z.. .j..C{.kO............$.|.......Q.=....CL3c@..Z#....nG9.D...,!"hRe..O.....4.M....1.....N.....[.wM)..........%r.8..<[..e.."-.m..BR.t..@..A.u..f>..A.xe...Cm.J$_.>Q......x...BD.......H...H...d...J._.....%......{.....B..m.....B<I....p.,Av....n.D.e.l...<2i........".u~jJ.*.....x..kJ....1.....c....*....J...4.h%.(e...w.......B(....cE|...O.m&.....X...f.2....T..f.#Dl..o....W.1.Y...3.>...3ZK..?K_lw
                                        C:\Users\Public\Videos\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\Public\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):708
                                        Entropy (8bit):7.677459921286812
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0FDCDE8F7F58B69983E1A521656FC6A6
                                        SHA1:78DC91F5C283DDED9264AD46778102A88176C408
                                        SHA-256:43A8EAFBA8C81A5EC218D03D558A8BF6468237672CBE07A266B8C3A396BE86AF
                                        SHA-512:DB7283567EA96C02BF5C2D4D09DD12E9095696A8F5D4D7FC7C5A2BC575B7832998C9961202B17DDA16150E12002B7A77716A86666917A2E2F4B53664E0D7AFB6
                                        Malicious:false
                                        Preview: >........Aa!H....{HK?.G#d$...D.Tt...jn....E....~+......O4.\{.Aa....}.J.S8c...G..B.Xx;........f........F+/...B...QN.q.]..0..........|.@."`.).r......._?..V.....^.....B..Q..N*.b-.Cy...6SWus.Y....T.$.].$&}.~....tg9...w.j....PB2..&'..'w.l....,..C...O..1-.F..L...S..d".....M.j0h $...!,..8n...=...s.c..rT.:.F..c#.m.*..g.0.$>&.... ........b{.....k8.....xuP_.>.r...I..+.L.N..#.......}+....m.{c..21.ya.]M..x.C.HL..P........\G$.]......X..%*L.y.z....x....\...)e.Q...Dn..'..w..e.[..|........].................$..........Or~..........2AT. .......l..|.8.s.. e..M.... K3/....nt....4W...]$H.+2.O.....x..h.1d....`}...c.dD...#...g1...=...*j+...|q..s.}.....46.Q.tH.z....UL..\..}...K@.?..iD..
                                        C:\Users\Public\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):708
                                        Entropy (8bit):7.664087370516774
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A240BDC66B7AAAA7A3FD39239DADF811
                                        SHA1:8F0CF10B1B4FB8881127C5CFBFE3A4B3A5B75F21
                                        SHA-256:1E658B8ECD0422C3EE425FE2EAD867A0502DA0089BBFB34B6C9385B2BD739FA0
                                        SHA-512:7311E442C4130142CF8D3A8B0F4D8C814FE693DCA4EAFB05F9D7C83E787C629ACCC35FE40979A68A64E89D167CAD426172AE3F606F49D8D968A429047833D6E4
                                        Malicious:false
                                        Preview: .3$~Lq.ay....O....:....E..L.$bg..^.$...lB2.~...%.5.~6...y........Y}...pD...4..*...R.w...aZ;.@..As\h.SQ..<..#?%.C..K{H.0...O*q.i.-s..M.>..+7%wAF....5..".0.4H..%C...lc..H...Ceuu.< 0j..`....4..n.*?...5...x.G*R..X..R...IX.....XM._..{q..r..+...<.......a.l T^l@r..ze...y.>.y..&.....O..{.M..+..4....y...q`..+.....f.."..p.){...m..\.J...6gL..|.....,.f%......& .... .'.......9.V...........O.g../.e.......W.D.PY.W..`....?..}:.....K.g.l.Z.u.......5..2...it.....w.7.....P..!.....`...b..xq.kH.`...?..F..............$............8..U....."2.q.YW....61.w........}].....0l...k.......tY.9.{..H2.9.j..KL-..0.r.s>.X[b.xW...F4..81..../..@4..3.j..hVC.}..1......(.!~.......[.X(z..618...s..P...r.SGZ..
                                        C:\Users\user\3D Objects\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):832
                                        Entropy (8bit):7.711573102881799
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C8F9F54E9331B0B9653C17D03E7074F1
                                        SHA1:6B7385261570D9502BAD00B5B0CC4699F73A15A3
                                        SHA-256:0410CBAB54B1E1B2334FF96A2255DFD9602B9A823E4151E14725CD407706DE24
                                        SHA-512:A9E13896E30A1CB536D3BFC3642210DC272E2B14251085AC2662E0C3E6165E8F9DD1A932D5F2EAAAC9E127530733AA9EE25D1B906019363F6720BF9676E71494
                                        Malicious:false
                                        Preview: .E.%g=.M?..s,.[V$.BBI>1x)..}....I`.N.$.`.........f..&f.E.O..I.r...&.d......X_.pc....U&y.k..&Et.8h..Y."..R..l.G|H.I"..:"..~F..........+....G...+..8.#.!G....c..N.}n...Oz..|p.q.I.Y......KBa.9?.9.T..V.'..3..0..A..6K8./...A#^pe'..!1.n....O...|...:..2?)&b..Y.......gl....>.>.c..%.^.Q..oeed^....Q...06.......9".w..<.<......p............3...D.o.)..T\.z.y0%..e.P^Y.s^...]oN#......,D....nwY>4........<.n...j......:..o.&"A......erpc.Xy.F..K.......w.6....:].c.C.N.M..nQ..%..K..........2..&s..r.s...gzE"..............$.*............v.l.8..-..8e|.6r\..8h.XM..$.z.USom}O.....T...n..*.....`.P(........|Bd...L/WG....[..... M`1..v.o.=Yc....a..\....:L..nZ.c..T.v.....UYh.Y*.6.hg....F..|d7}.[..8...w0..e....Z.S.U.A...P$.8.^l.a.\.Wj.:!.x]........x.f{..46...-...^.X.`O.^..%p. Z.L..RF....g../.....-/..........T..Z..y..#.V.
                                        C:\Users\user\3D Objects\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\701PV3Y5\www.msn[1].xml
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):13
                                        Entropy (8bit):2.469670487371862
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
                                        SHA1:35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
                                        SHA-256:B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
                                        SHA-512:6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
                                        Malicious:false
                                        Preview: <root></root>
                                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\NUV3GIIA\contextual.media[1].xml
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:empty
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D41D8CD98F00B204E9800998ECF8427E
                                        SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                        SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                        SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                        Malicious:false
                                        Preview:
                                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{74474380-7126-11EB-90E4-ECF4BB862DED}.dat
                                        Process:C:\Program Files\internet explorer\iexplore.exe
                                        File Type:Microsoft Word Document
                                        Category:dropped
                                        Size (bytes):24152
                                        Entropy (8bit):1.7576606898529799
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6E3856A8FB1A900E727C3BC6A04C9439
                                        SHA1:AE5C475225DBC640E21CAA25056AB481406C23E7
                                        SHA-256:911C5FDD503B8BE8798F55F5CB779BE662F5851486CA242E539F6BB81BD27031
                                        SHA-512:2A7718AD3F55841CB67A47CE54B13147AACCCCA8CDD79C4DC07A0F6D729B9CD6232FB754147449CBADD9C24AD2D79360388953C8A2D05D4A2E1597E8070F8669
                                        Malicious:false
                                        Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{74474382-7126-11EB-90E4-ECF4BB862DED}.dat
                                        Process:C:\Program Files\internet explorer\iexplore.exe
                                        File Type:Microsoft Word Document
                                        Category:dropped
                                        Size (bytes):195410
                                        Entropy (8bit):3.581805449665724
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CE7574D31EED7AA0A85101993E358D92
                                        SHA1:B7A54DAE396B8B98550A4A3CE063436B5BA3A260
                                        SHA-256:BC2A03E9C3BD524196AA8973D87159FC74B6A8B43839F0425A28EB28859DB901
                                        SHA-512:2CF695D765B4D85EA9462761103920F2DFCCC4F35E0CF320A003D9F100C18FF9F41CC9C3A44B8634AEF2FA2C5B5BE6322C36E93C077FB438AA7BEC9204699F01
                                        Malicious:false
                                        Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):934
                                        Entropy (8bit):7.037288415181528
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CC8E8EBE3513DD370854A77A9227ECC7
                                        SHA1:621CD4157F03B0EF92EEB82F85C7B3C41B322CEE
                                        SHA-256:D03D4D53BD0DFFCF173E80C585F71C813B67D4110D73D164C326F5720471A525
                                        SHA-512:A8D5995385035018B8A93BD7333460A35ADFC1BC81C6A357B646B8188799547EB98E5B43EA50144E20CA39946035D37CBACBB99975F2BF7C6BA874CE0617EC31
                                        Malicious:false
                                        Preview: E.h.t.t.p.s.:././.s.t.a.t.i.c.-.g.l.o.b.a.l.-.s.-.m.s.n.-.c.o.m...a.k.a.m.a.i.z.e.d...n.e.t./.h.p.-.n.e.u./.s.c./.2.b./.a.5.e.a.2.1...i.c.o......PNG........IHDR... ... ............pHYs.................vpAg... ... ........eIDATH...o.@../..MT..KY..P!9^....:UjS..T."P.(R.PZ.KQZ.S. ....,v2.^.....9/t....K..;_ }'.....~..qK..i.;.B..2.`.C...B........<...CB.....).....;..Bx..2.}.. ._>w!..%B..{.d...LCgz..j/.7D.*.M.*.............'.HK..j%.!DOf7......C.]._Z.f+..1.I+.;.Mf....L:Vhg..[.. ..O:..1.a....F..S.D...8<n.V.7M.....cY@.......4.D..kn%.e.A.@lA.,>\.Q|.N.P........<.!....ip...y..U....J...9...R..mgp}vvn.f4$..X.E.1.T...?.....'.wz..U...../[...z..(DB.B(....-........B.=m.3......X...p...Y........w..<.........8...3.;.0....(..I...A..6f.g.xF..7h.Gmq|....gz_Z...x..0F'..........x..=Y}.,jT..R......72w/...Bh..5..C...2.06`........8@A..."zTXtSoftware..x.sL.OJU..MLO.JML.../.....M....IEND.B`. ... .............-`......-`....
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\85-0f8009-68ddb2ab[1].js
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                        Category:dropped
                                        Size (bytes):392034
                                        Entropy (8bit):5.323431882499521
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D128B8A8550C25D79F778DEEF0112932
                                        SHA1:C265605E4B5C149D3B2E0BBAAE3B8ECF370EE1B6
                                        SHA-256:67BB2A429BD80B60B80C4FDC8A91B90471F91E9A1C80873CBDC11D6B68F3745F
                                        SHA-512:92ABA51CF7256E1C15F89830BBE045DD337862732D403549344E9A767179573B1C4630CF74E36805AA4520F6AA5382DA8F55E9BCB1876B5795C9CED7F74FACE7
                                        Malicious:false
                                        Preview: var awa,behaviorKey,Perf,globalLeft,Gemini,Telemetry,utils,data,MSANTracker,deferredCanary,g_ashsC,g_hsSetup,canary;window._perfMarker&&window._perfMarker("TimeToJsBundleExecutionStart");define("jqBehavior",["jquery","viewport"],function(n){return function(t,i,r){function u(n){var t=n.length;return t>1?function(){for(var i=0;i<t;i++)n[i]()}:t?n[0]:f}function f(){}if(typeof t!="function")throw"Behavior constructor must be a function";if(i&&typeof i!="object")throw"Defaults must be an object or null";if(r&&typeof r!="object")throw"Exclude must be an object or null";return r=r||{},function(f,e,o){function c(n){n&&(typeof n.setup=="function"&&l.push(n.setup),typeof n.teardown=="function"&&a.push(n.teardown),typeof n.update=="function"&&v.push(n.update))}var h;if(o&&typeof o!="object")throw"Options must be an object or null";var s=n.extend(!0,{},i,o),l=[],a=[],v=[],y=!0;if(r.query){if(typeof f!="string")throw"Selector must be a string";c(t(f,s))}else h=n(f,e),r.each?c(t(h,s)):(y=h.length>0,
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AA3e6zI[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):357
                                        Entropy (8bit):6.88912414461523
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:272AC060E600BD15C7FA44064B5C150F
                                        SHA1:27C267507F3A73AAD9E3CA593610633A7E8AF773
                                        SHA-256:578548F464A640FC0D8C483A1FDC9399436C27391B17572484416492A5485009
                                        SHA-512:B8CF6622A690DB0A81FE08AE052EC945FD3A1439C3F0A2B85DB113D33EAFD4F08F8B8C9E2C7B69ED623BE24B7AB4290D38FA2B945666DF762D6E672068ED2FB9
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AA3e6zI.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs...........~.....IDAT8O....0...,@CKCKGI..l..........l@M..,..8<#..$)."..gK.'Y.7q@?p..k......."J...}.y.......(...(.m.a...(.,..".2...|..g.!P.h....*8.s.>1...@U.`..{`..TUueo...&o..a...4e..[..).i....R..`.......7.......Tv..q...!.7N..U`FP.='.(.qL..}.E.y..1>...H..a.BL.Y:x....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AA6SFRQ[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):749
                                        Entropy (8bit):7.581376917830643
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C03FB66473403A92A0C5382EE1EFF1E1
                                        SHA1:FCBD6BF6656346AC2CDC36DF3713088EFA634E0B
                                        SHA-256:CF7BEEC8BF339E35BE1EE80F074B2F8376640BD0C18A83958130BC79EF12A6A3
                                        SHA-512:53C922C3FC4BCE80AF7F80EB6FDA13EA20B90742D052C8447A8E220D31F0F7AA8741995A39E8E4480AE55ED6F7E59AA75BC06558AD9C1D6AD5E16CDABC97A7A3
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AA6SFRQ.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........(J.....IDAT8O.RMHTQ.>..fF...GK3. &g.E.(.h..2..6En......$.r.AD%..%.83J...BiQ..A`...S...{.....m}...{..}.......5($2...[.d....]e..z..I_..5..m.h."..P+..X.^..M....../.u..\..[t...Tl}E^....R...[.O!.K...Y}.!...q..][}...b......Nr...M.....\s...\,}..K?0....F...$..dp..K...Ott...5}....u......n...N...|<u.....{..1....zo..........P.B(U.p.f..O.'....K$'....[.8....5.e........X...R=o.A.w1.."..B8.vx.."...,..Il[. F..,..8...@_...%.....\9e.O#..u,......C.....:....LM.9O.......; k...z@....w...B|..X.yE*nIs..R.9mRhC.Y..#h...[.>T....C2f.)..5....ga....NK...xO.|q.j......=...M..,..fzV.8/...5.'.LkP.}@..uh .03..4.....Hf./OV..0J.N.*U......./........y.`......IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1cEP3G[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):1103
                                        Entropy (8bit):7.759165506388973
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:18851868AB0A4685C26E2D4C2491B580
                                        SHA1:0B61A83E40981F65E8317F5C4A5C5087634B465F
                                        SHA-256:C7F0A19554EC6EA6E3C9BD09F3C662C78DC1BF501EBB47287DED74D82AFD1F72
                                        SHA-512:BDBAD03B8BCA28DC14D4FF34AB8EA6AD31D191FF7F88F985844D0F24525B363CF1D0D264AF78B202C82C3E26323A0F9A6C7ED1C2AE61380A613FF41854F2E617
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cEP3G.img?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................U....sRGB.........gAMA......a.....pHYs..........o.d....IDATHK..[h\E...3..l.......k....AZ->..}S./.J..5 (H..A.'E...Q.....A..$.}...(V..B.4..f...I...l"...;{...~...3#.?.<..%.}{......=..1.)Mc_..=V..7...7..=...q=.%&S.S.i,..].........)..N...Xn.U.i.67.h.i.1I>.........}.e.0A.4{Di."E...P.....w......|.O.~>..=.n[G..../...+......8.....2.....9.!.........].s6d......r.....D:A...M...9E..`.,.l..Q..],k.e..r`.l..`..2...[.e<.......|m.j...,~...0g....<H..6......|..zr.x.3...KKs..(.j..aW....\.X...O.......?v...."EH...i.Y..1..tf~....&..I.()p7.E..^.<..@.f'..|.[....{.T_?....H.....v....awK.k..I{9..1A.,...%.!...nW[f.AQf......d2k{7..&i........o........0...=.n.\X....Lv......;g^.eC...[*).....#..M..i..mv.K......Y"Y.^..JA..E).c...=m.7,.<9..0-..AE..b......D*.;...Noh]JTd.. .............pD..7..O...+...B..mD!.....(..a.Ej..&F.+...M]..8..>b..FW,....7.....d...z........6O).8....j.....T...Xk.L..ha..{.....KT.yZ....P)w.P....lp.../......=....kg.+
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1cG73h[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):917
                                        Entropy (8bit):7.682432703483369
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3867568E0863CDCE85D4BF577C08BA47
                                        SHA1:F7792C1D038F04D240E7EB2AB59C7E7707A08C95
                                        SHA-256:BE47B3F70A0EA224D24841CB85EAED53A1EFEEFCB91C9003E3BE555FA834610F
                                        SHA-512:1E0A5D7493692208B765B5638825B8BF1EF3DED3105130B2E9A14BB60E3F1418511FEACF9B3C90E98473119F121F442A71F96744C485791EF68125CD8350E97D
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cG73h.img?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................U....sRGB.........gAMA......a.....pHYs................*IDATHK.V;o.A..{.m...P,..$D.a...*.H.."...h.....o....)R(..IA...("..........u...LA.dovfg....3.'.+.b....V.m.J..5-.p8.......Ck..k...H)......T.......t.B...a... .^.......^.A..[..^..j[.....d?!x....+c....B.D;...1Naa..............C.$..<(J...tU..s....".JRRc8%..~H..u...%...H}..P.1.yD...c......$...@@.......`.*..J(cWZ..~.}..&...*.~A.M.y,.G3.....=C.......d..B...L`..<>..K.o.xs...+.$[..P....rNNN.p....e..M,.zF0....=.f*..s+...K..4!Jc#5K.R...*F. .8.E..#...+O6..v...w....V...!..8|Sat...@...j.Pn.7....C.r....i......@.....H.R....+.".....n....K.}.].OvB.q..0,...u..,......m}.)V....6m....S.H~.O.........\.....PH..=U\....d.s<...m..^.8.i0.P..Y..Cq>......S....u......!L%.Td.3c.7..?.E.P..$#i[a.p.=.0..\..V*..?. ./e.0.._..B.]YY..;..\0..]..|.N.8.h.^..<(.&qrl<L(.ZM....gl:.H....oa=.C@.@......S2.rR.m....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1dJD79[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 622x368, frames 3
                                        Category:downloaded
                                        Size (bytes):24613
                                        Entropy (8bit):7.945562568556097
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:95BB2FC7E9B6A85427819C801F2E6D48
                                        SHA1:E3831D64267B66DB5093B5B45F7B3BE8862AFBC5
                                        SHA-256:E0ABD73DC70D56970F4A838451C06DB24924A950103D58F4E9F35C13ED8AE0E9
                                        SHA-512:DD74F1F3E31DDA299D596AC90F0661AFA0D8DCAFF12450AA3C3768AA812644695EB69CC82E24137DE09108A2E6F2CA9B1FDB966AD0E438F7E48C23639AED2157
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJD79.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg&x=515&y=190
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...........V..MH~....u;.....~.... .V}.L{.SZK....r.....`S..h..u.!Pz...)A.j...J\.S[.....R."...g.4J.Y..V.4...C.@...4.Jb....P1~...:.N......L.;.6.p.4f.)0h.&....P.OZ1K.....S......\Q.j@%.....7.S.E. ..........S.:...z.m..O.....QK@..M..Ph../..[..d...K ..sL..............c..?.?..iLeMp..T?.?.ER\g./...?.}.J~.....Kr....N..}.......nx.f........S.....s?.T..Om.....#In.c..
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1dJNAo[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
                                        Category:downloaded
                                        Size (bytes):5866
                                        Entropy (8bit):7.868156277003335
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:DA2C46DDB310BEEF3E83381589F36A65
                                        SHA1:9248D5A8A24B4817228DD64EA58B9CA8D378CC01
                                        SHA-256:FC3006B34FCE43A746D5F2F58B58F13B4BE7FD44F7718ADBFC4D2E5F68C9228C
                                        SHA-512:296774B4FB6E37CD8F28D430245EF94F6528EB7509AA4AE2BB4265239F563CC1352AEFAC052F1144CEC20EC59430A63F3A9E8C01BD397E9CF8F685076A35D946
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJNAo.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...Fj.%;}ID..B....$.......).....IFh..(. ..e....mzuU..+.z..E....Q.#.....R.@..q.4..M4.N".(.......@..i....I..#....^;.@)&..6.Zi...i3A..@.5V...0.q9n.FMO#mR.'..j.`..,.i..7.....B..}.e......E.4.^...7.TT...X....Zp..X...K.i.........x..K..*.7R......W..!........v.F.yK..U..,..y........K./...R..x..Y.&....._S@..Q..e...g._SI./...Q.;...q..*SE.#..<.c..Nb_S@..4..a_SHa_S@...V.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1dJNdi[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 310x166, frames 3
                                        Category:downloaded
                                        Size (bytes):8460
                                        Entropy (8bit):7.941742534501375
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1E9196DD03EAEF28D691DB282E63B45F
                                        SHA1:BFA5591C62E2150269B783305D16C54332FEF6DB
                                        SHA-256:2D405B232CF64C99AE403FDCA4200857B3C94DE8F9F3090069E63629E536741F
                                        SHA-512:F331B98144B8563B772844A9D7D708581F7FED76937BCBFB2C071BA9F25A6BEA63C20BF082E633CB9F1DD04E35F3FFD7462548B4945ECBCC5FEDA10A0E7EC811
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJNdi.img?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jpg&x=853&y=199
                                        Preview: ......JFIF.....,.,.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........6.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..Dg.4.lqK..).0.U..le.].i.g.K.(...T..1.....y4.~p(. ....17RjQ.....rp(...7CO.H.&...N(...E...z.............i|....*.JC.'4...(..N......O(.&..#..x.(..5'.q@...2"X..M.wp.Lc&..#...<..$..w..N[.w.GJ.q..{.y;.....i.dA..9.Q.h.0<.E..4.......H.......&.,.2...M2.q@.....2A..&q....YF.Q>.#P&..1.g54rH.....:@.n.-.....K5u...K(.....0. .c..;"(m.@.EH...+@......&..7.N....m..jA...@\.D...#[
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1dJQai[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
                                        Category:downloaded
                                        Size (bytes):7632
                                        Entropy (8bit):7.873339777174056
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:27773C8AFAA4C02BE3C2F0414AB6BF7A
                                        SHA1:24CEB117C7DC3B8404BF107701163969E4CEDDBC
                                        SHA-256:674251342495332B8447F462C94B34E68A4258A89617E626F8DE42AA30C4CBEE
                                        SHA-512:F3FE31C6F6B99634E9335070EDF60D4207BC8AE59F6A5F81866617358B89EB945C7EB5BB1537D0F9C99ED94D46447FD2818C9BF6FF249CE2967CF7D041F71A3E
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJQai.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.v."`.[...,....Z.j..[)hsJ:.q..H...1..jq8...K.qD...N........s.G5...>ZF....S.....4.c2.lv...*ic.jX!.U...d%Fj./.Tv.....X.@......LS.(...R...&)....b.S...J..R.R.m..R..OJ.,E.Z..RE.;...[5'&.KdN..[.....+....z......vW,.........:...x....aWrOJO(g.Y..-...W...v.E.*.:-'..J..~.l%j...}..?Z..Z...O?.?Z..Z...).'Ie....Qc....PY...in....8....p.......:.+..J......Zjl..n+b.@:c<.;
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1dJUeK[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
                                        Category:downloaded
                                        Size (bytes):12851
                                        Entropy (8bit):7.945682970568374
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B93A70826E41E971BD54B8B189D53469
                                        SHA1:265DF1D15FD7CAD8284AA0E2BF958DBB8C32105A
                                        SHA-256:A6E4CC429E78F5854028FBEC3C8CA5A50B588B7236D673C98B847DEB7843E0AD
                                        SHA-512:50239102823387A2C43FB4F23E33F2D84F74A299BD0F2D256FD8881D598DE85FC8E0AE2862C1BD37C0971FB0B22AB104A62E4E6EF0560085A823547E3C58CD60
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJUeK.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.....,.,.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..Y.M..+wJ..i...=k.$..4..tv..z.S].U.k.....(..c4.m....=y.>.d..~ty...F..}Ew+.=.d.VV....iVkuva*..k....~ty......K....c6.0.|.$f..6.......{.x.too........@cdJ.0.:`.{P.2...k..S.....%..2L.m..4.E8l.5.. @...`.>..>..........o,.~d......<..c....>.g..G.,\.C.E...*....-.(.0.'........G...G.=...M4e:c4.y.*..&..|..g...(......MY..d.{.;.2 .%@..5.f....(w........?.&T`s\...
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1dJhty[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
                                        Category:downloaded
                                        Size (bytes):12722
                                        Entropy (8bit):7.941205249342303
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BC283CC9C55B9E943AA30403E10EB3B6
                                        SHA1:2857BDF43B693286860009FCB2505DAC51DB40EF
                                        SHA-256:56DBD4D5F5B5F1D8D24E4189310875A3F33EF82F7C9AB28F4828FCAFDD474F6A
                                        SHA-512:5A7552C5F5F315D8385C8DC99D988F6CBE04FB7F9FC573B5701AE3D81AFBB1ECBF8A7A72B08F302583F446E858255A2A95EBD40C3931B1284AFE853E0F7A73A4
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJhty.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....:...j..a..\..c.b27J.......m^..{...j....e,Q.Z)2......e!....Q..P...r6..}kW.F.p..=..l...(..^)H...?.1._.?..*1...Rw.|U..8..R/+...y..a..\.p.....R..1.'..5..O#....N.H.8|. ...:f...... .9...[.........j...j:...).)...)h..H.&)..Q.w..Hi.SH..M4.4...L4.L5,cM..).[},....i..c...W..".vB.Q..d..8....*p*......~...(.s.R.Ep..KE.,....*.HJ.{..I..Vi.eH=1H...4.......8...:..(..R.s.H.4
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1dJyhN[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                        Category:downloaded
                                        Size (bytes):9805
                                        Entropy (8bit):7.908987824791708
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:038092135F21A20ED4547A86C68D8FFF
                                        SHA1:F4A3F38925F9218AA5D270468C925F499CF02C4B
                                        SHA-256:6F3B8905695BE7E89E9C1C1A74AF53FFD5165503097F88C3E88D89B43565CF47
                                        SHA-512:06EC1E7D6D00527BE1F4F16FCDDAB19AABEE88BBB0C027182215C4BDADB718B804A45883165A2BC1B490444BBF82B684BE59F3DF41AC4CD113A66576F95C0A38
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJyhN.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.....`.`.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...1Z..IK.(.(.....)q@.......ZJ.(..P.QK.J.(.....RR..ZZJ)..)..NE2...KK..U..... .U.K..I....KQ. p...,\...u..f...(.0..(......(..9*Z(.L..(.......QE..(...p.QF(...(..I.Z(....I@.KIE.:.(.b.(..b..(...FpO....".k.......x...c~..[.,...RX.QE.....Z.Z)(..-.QHaE.P.)I.Z*......J(....R....(.QE..QE...Ph. .4.....Q@...(..ZJZ..ZJZ.......)Z6.5.kt....i.#d........u..`..j.`FEIi.u.Q@.....(...4R
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1dJz5i[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 622x368, frames 3
                                        Category:downloaded
                                        Size (bytes):18778
                                        Entropy (8bit):7.918986741458725
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:256CA730EBD10A7C8393A5CAFDAA571B
                                        SHA1:021A09B0C95D13EB539DE5EE9DADFC37D650B864
                                        SHA-256:EA47C31E2E7DFDE8B398F196E3811840F72C71FF9C12F519977FDB76CD173ED3
                                        SHA-512:8C01046622CBDDE71C78A859127FA79FBF8A0B731449FD14350FEA401958B8B413769B8899ED08CDF2C82D434E88177C8CEDC8E3ED2C6FD8415FFC678AC6D854
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJz5i.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.....,.,.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..(....E%...RQ@.E%. ..JZ.)i(.....@....=...;.kHF.l..i<.QQ....y..4..9..!..>..SQf.....4.i.h.d.'.O.(...4f. &..Z_4.4...M..Z<.Q.Z,...4.>..T...hI..J.4...i|..\?.$.....Q.;..*...p..M.P:.0...._.Y6?z..^....~....Y.|.G.j<.N.J$#.J.f...?5)EX...)..:...(...)(...E..(..`.QE.-.Q@......(...Z(......Z(...J)(.........!;.y...g.N-_.^).6.Rc..i.e.B......(.......(...ZJ(......(...-%...QE .ZJ).R.R
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1dK00N[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
                                        Category:downloaded
                                        Size (bytes):8945
                                        Entropy (8bit):7.942343938372515
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E792FA4F6AD77E0A26F655B3EFA9CAC6
                                        SHA1:B2038423A828CB4B543BA9A95B3FFA405E5F17B4
                                        SHA-256:762E20FD60B9D83B596DA16E8673706D7C0D452C45963721F92EE52F3C5E14A3
                                        SHA-512:4D5A12D85085721FD3AB45BDADA646A4FABFD45F195D7D1623FFE2D33F4B5368279F39106A07DD72C7933CDE7B47875F267A607CB69BF36A36C91E05F84685BF
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dK00N.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=323&y=125
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..).tq.I...?*r.h#..,.Q.....b..u.*u....l_..F.....;[.c.#..3....P....r.o`T.._.-.R.........F>c......T...../.|d......X.n....N..8...U..Y.#..V~I,.vs.....]......b..t~U`ZNvb.>~./^..x.7(..:...G...?*6/.G.N..Y..v..4r[2.H.....Z.H.dc..}*......}MV.|...4...[....b..t~T.1N.Wcv/.G.F........Y......R.k...S....7._......R...`...T~T.%.~T.0h..Y............K...M". ..wU.RR..(.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1kc8s[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):799
                                        Entropy (8bit):7.616735751178749
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2C55F358C8213245D8DE540D89B76ED0
                                        SHA1:413A0EA00DBB2A54C6A3933B8864E1847D795124
                                        SHA-256:D11901D46370D97173C94754B69E90D7540FAF1F5C571C5E521E3A062FBF0A77
                                        SHA-512:0385C2FE61CFFF69EE6A85D13003B4729B93132007294DF3407DAAB97318157C421940D689E01B6CE5360A57029393FEAB949A83647DF22D43DF5064E7B82DD0
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1kc8s.img?m=6&o=true&u=true&n=true&w=30&h=30
                                        Preview: .PNG........IHDR.............;0......sRGB.........gAMA......a.....pHYs..........o.d....IDATHK.kZQ....W.Vc.-m,...&`....`."....b...%...E2...&.R*...*...A0......d."......>o-i....~...9...=?.!C.\{.j.bmmMR.V_.D......P(..j.*.Z-]..?...uV_...>.o.e.o..a.d21....|>..mh4..J...........g..H.......;..C.R..."........J....Q.9..^.......8>??O.zo.Z.h4.N...r9...).......>R.9...Kz..W.T....J.w.3fee..*a; ......+.X._]]....?q.\w.Ri.n.............p...CJ.N.Y....l:..).......d2.5..1.3d....\.s....6....nQ..Q...E..d.......l..B!2...G".H&..........ag5..ZR^..0.p.......4...\.2...6.....).........Xj.Ex.n.....&.Z.d.X..#V.b..lll..[...&''i........x....*8...w3..=.A...E..M.T..!8...Q(....L6)..r........h4..>......yj...j.9.:....f..+'._#......j..I...&.0.H4....<R...:....7.Y...n.......Z.s..2.....#A.j:s.....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB5zDwX[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):704
                                        Entropy (8bit):7.504963021970784
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C7DBA01C92D1B9060E51F056B26122BC
                                        SHA1:440F7FC2EE80D3A74076C6709219F29A31893F86
                                        SHA-256:156AE4B3A7EF2591982271E4287B174CDC4C0EE612060AD23E5469ED1148D977
                                        SHA-512:95EF6D3FA8050C25CA83DCFFA8F7D9647C71A60EEEC81A10AE5820EB52D65C009A7699A4A581BAE5254685AA391404DFB3206EDAEDCBC38D7F0083D0F5DD8FC7
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB5zDwX.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........(J....UIDAT8O.._HSa....6WQXZ..&Dta2........*......!x.D..$..Vb..0...H*........n...?.{.v.!.X....;...|..x.q....&...q....Z.?&hmi.@w'...*.h....=..n.Y.\.Y..Kg..h9.<.5.V..:y.....:....BA:w...t....%..q....2.......k.gS..W}Ts...6_3....[..T......;.j.].XO.D\7...A=O.j/PF.we.(...K.1@.5........@...1YJ.g...U..c/..(...:..3`[.X..H........*...a..@Pe...n.z....05.... .C0Y ...Ly.H............_!...... ..F(..ES%f...........1.......0.....?.+Q...yN..*K.L0....M!.H..e.I.ct|....f.U... l..7!.J.a.O.....X.UG..RS`..;..p...6H...).t*....[.n.w..Z`..^>j..J.....d=...B...Q....D<.5........$..x.$.l%F..D#A....S....A ....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB7gRE[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):482
                                        Entropy (8bit):7.256101581196474
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:307888C0F03ED874ED5C1D0988888311
                                        SHA1:D6FB271D70665455A0928A93D2ABD9D9C0F4E309
                                        SHA-256:D59C8ADBE1776B26EB3A85630198D841F1A1B813D02A6D458AF19E9AAD07B29F
                                        SHA-512:6856C3AA0849E585954C3C30B4C9C992493F4E28E41D247C061264F1D1363C9D48DB2B9FA1319EA77204F55ADBD383EFEE7CF1DA97D5CBEAC27EC3EF36DEFF8E
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB7gRE.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........(J....wIDAT8O.RKN.0.}v\....U....-.. ......8..{$...z..@.....+.......K...%)...I......C4.../XD].Y..:.w.....B9..7..Y..(.m.*3. .!..p..,.c.>.\<H.0.*...,w:.F..m...8c,.^........E.......S...G.%.y.b....Ab.V.-.}.=..."m.O..!...q.....]N.)..w..\..v^.^...u...k..0.....R.....c!.N...DN`)x..:.."*Brg.0avY.>.h...C.S...Fqv._.]......E.h.|Wg..l........@.$.Z.]....i8.$).t..y.W..H..H.W.8..B...'............IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBPfCZL[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:GIF image data, version 89a, 50 x 50
                                        Category:downloaded
                                        Size (bytes):2313
                                        Entropy (8bit):7.594679301225926
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:59DAB7927838DE6A39856EED1495701B
                                        SHA1:A80734C857BFF8FF159C1879A041C6EA2329A1FA
                                        SHA-256:544BA9B5585B12B62B01C095633EFC953A7732A29CB1E941FDE5AD62AD462D57
                                        SHA-512:7D3FB1A5CC782E3C5047A6C5F14BF26DD39B8974962550193464B84A9B83B4C42FB38B19BD0CEF8247B78E3674F0C26F499DAFCF9AF780710221259D2625DB86
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: GIF89a2.2.....7..;..?..C..I..H..<..9.....8..F..7..E..@..C..@..6..9..8..J..*z.G..>..?..A..6..>..8..:..A..=..B..4..B..D..=..K..=..@..<..:..3~.B..D.....,|.4..2..6..:..J..;..G....Fl..1}.4..R.....Y..E..>..9..5..X..A..2..P..J../|.9.....T.+Z.....+..<.Fq.Gn..V..;..7.Lr..W..C..<.Fp.]......A.....0{.L..E..H..@.....3..3..O..M..K....#[.3i..D..>........I....<n..;..Z..1..G..8..E....Hu..1..>..T..a.Fs..C..8..0}....;..6..t.Ft..5.Bi..:.x...E.....'z^~.......[....8`..........;..@..B.....7.....<.................F.....6...........>..?.n......g.......s...)a.Cm....'a.0Z..7....3f..<.:e.....@.q.....Ds..B....!P.n...J............Li..=......F.....B.....:r....w..|..........`..[}.g...J.Ms..K.Ft.....'..>..........Ry.Nv.n..]..Bl........S..;....Dj.....=.....O.y.......6..J.......)V..g..5.......!..NETSCAPE2.0.....!...d...,....2.2........3.`..9.(|.d.C .wH.(."D...(D.....d.Y......<.(PP.F...dL.@.&.28..$1S....*TP......>...L..!T.X!.(..@a..IsgM..|..Jc(Q.+.......2.:.)y2.J......W,..eW2.!....!....C.....d...zeh....P.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBX2afX[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):688
                                        Entropy (8bit):7.578207563914851
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:09A4FCF1442AD182D5E707FEBC1A665F
                                        SHA1:34491D02888B36F88365639EE0458EDB0A4EC3AC
                                        SHA-256:BE265513903C278F9C6E1EB9E4158FA7837A2ABAC6A75ECBE9D16F918C12B536
                                        SHA-512:2A8FA8652CB92BBA624478662BC7462D4EA8500FA36FE5E77CBD50AC6BD0F635AA68988C0E646FEDC39428C19715DCD254E241EB18A184679C3A152030FD9FF8
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................U....sRGB.........gAMA......a.....pHYs..........o.d...EIDATHK.Mh.A......4.....b.Zoz....z.".....A../.X.../........"(*.A.(.qPAK/......I.Yw3...M...z./...7..}o...~u'...K_...YM...5w1b....y.V.|.-e.i..D...[V.J...C......R.QH.....:....U.....].$]LE3.}........r..#.]...MS.....S..#..t1...Y...g........ 8."m......Q..>,.?S..{.(7.....;..I.w...?MZ..>.......7z.=.@.q@.;.U..~....:.[.Z+3UL#.........G+3.=.V."D7...r/K.._..LxY.....E..$..{. sj.D...&.......{.rYU..~G....F3..E...{. ......S....A.Z.f<=.....'.1ve.2}[.....C....h&....r.O..c....u... .N_.S.Y.Q~.?..0.M.L..P.#...b..&..5.Z....r.Q.zM'<...+.X3..Tgf._...+SS...u........*./.....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\a8a064[1].gif
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:GIF image data, version 89a, 28 x 28
                                        Category:downloaded
                                        Size (bytes):16360
                                        Entropy (8bit):7.019403238999426
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3CC1C4952C8DC47B76BE62DC076CE3EB
                                        SHA1:65F5CE29BBC6E0C07C6FEC9B96884E38A14A5979
                                        SHA-256:10E48837F429E208A5714D7290A44CD704DD08BF4690F1ABA93C318A30C802D9
                                        SHA-512:5CC1E6F9DACA9CEAB56BD2ECEEB7A523272A664FE8EE4BB0ADA5AF983BA98DBA8ECF3848390DF65DA929A954AC211FF87CE4DBFDC11F5DF0C6E3FEA8A5740EF7
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/hp-neu/sc/64/a8a064.gif
                                        Preview: GIF89a.......dbd...........lnl.........trt..................!..NETSCAPE2.0.....!.......,..........+..I..8...`(.di.h..l.p,..(.........5H.....!.......,.........dbd...........lnl......dfd....................../..I..8...`(.di.h..l..e.....Q... ..-.3...r...!.......,.........dbd..............tvt...........................*P.I..8...`(.di.h.v.....A<.. ......pH,.A..!.......,.........dbd........|~|......trt...ljl.........dfd......................................................B`%.di.h..l.p,.t]S......^..hD..F. .L..tJ.Z..l.080y..ag+...b.H...!.......,.........dbd.............ljl.............dfd........lnl..............................................B.$.di.h..l.p.'J#............9..Eq.l:..tJ......E.B...#.....N...!.......,.........dbd...........tvt.....ljl.......dfd.........|~|.............................................D.$.di.h..l.NC.....C...0..)Q..t...L:..tJ.....T..%...@.UH...z.n.....!.......,.........dbd..............lnl.........ljl......dfd...........trt...
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\checksync[1].htm
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:HTML document, ASCII text, with very long lines
                                        Category:dropped
                                        Size (bytes):20808
                                        Entropy (8bit):5.3018084083386
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F20E359D299221FAA621EEED8710C7CE
                                        SHA1:CDE9D4EAA1954C0BDC907377024AB11A62EBC3C6
                                        SHA-256:BC6612574C7F898BCA97BB62CEB242821B9EDEE9B5A01F30113E0C4189CA72A0
                                        SHA-512:477A7A1D520D0A580358B36F368FB625A692D5F6701FE4AD5FAA617A87A5C1027ECF95FDB07ED0E5AB09A504C62DBDAF89FDD1A5B153D6B4AAEC460E8EB76A47
                                        Malicious:false
                                        Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":75,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0}},"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\/hblg.media.net\/log?logid=kfk&evtid=chlog"}},"csloggerUrl":"https:\/\/cslogger.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\checksync[2].htm
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:HTML document, ASCII text, with very long lines
                                        Category:dropped
                                        Size (bytes):20808
                                        Entropy (8bit):5.3018084083386
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F20E359D299221FAA621EEED8710C7CE
                                        SHA1:CDE9D4EAA1954C0BDC907377024AB11A62EBC3C6
                                        SHA-256:BC6612574C7F898BCA97BB62CEB242821B9EDEE9B5A01F30113E0C4189CA72A0
                                        SHA-512:477A7A1D520D0A580358B36F368FB625A692D5F6701FE4AD5FAA617A87A5C1027ECF95FDB07ED0E5AB09A504C62DBDAF89FDD1A5B153D6B4AAEC460E8EB76A47
                                        Malicious:false
                                        Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":75,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0}},"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\/hblg.media.net\/log?logid=kfk&evtid=chlog"}},"csloggerUrl":"https:\/\/cslogger.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\checksync[3].htm
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:empty
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D41D8CD98F00B204E9800998ECF8427E
                                        SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                        SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                        SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                        Malicious:false
                                        Preview:
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\checksync[4].htm
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:empty
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D41D8CD98F00B204E9800998ECF8427E
                                        SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                        SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                        SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                        Malicious:false
                                        Preview:
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\e151e5[1].gif
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:GIF image data, version 89a, 1 x 1
                                        Category:downloaded
                                        Size (bytes):43
                                        Entropy (8bit):3.122191481864228
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F8614595FBA50D96389708A4135776E4
                                        SHA1:D456164972B508172CEE9D1CC06D1EA35CA15C21
                                        SHA-256:7122DE322879A654121EA250AEAC94BD9993F914909F786C98988ADBD0A25D5D
                                        SHA-512:299A7712B27C726C681E42A8246F8116205133DBE15D549F8419049DF3FCFDAB143E9A29212A2615F73E31A1EF34D1F6CE0EC093ECEAD037083FA40A075819D2
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/hp-neu/sc/9b/e151e5.gif
                                        Preview: GIF89a.............!.......,...........D..;
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fcmain[1].js
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:HTML document, ASCII text, with very long lines, with no line terminators
                                        Category:downloaded
                                        Size (bytes):38158
                                        Entropy (8bit):5.070863715014493
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D599B7706B8C9199FF7EAB84F8DFE500
                                        SHA1:E8E2017501BAEE26EA232D73725B371C82CBE007
                                        SHA-256:7A98BBFCB053C99DFC0C70FF16A6F4CC4E536A14649854A09DE5844A0874BB4C
                                        SHA-512:C269C0533A05D408DCBCA9E6E21616EB38336473839EB888F223D4FBBF9AB0ED7A5CB70C2C603173DA886E403C580B8CA4B4F96BF45A12ECC00CE50616041212
                                        Malicious:false
                                        IE Cache URL:https://contextual.media.net/803288796/fcmain.js?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&crid=722878611&size=306x271&cc=CH&https=1&vif=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&nse=5&vi=1613537159853216342&ugd=4&rtbs=1&nb=1&cb=window._mNDetails.initAd
                                        Preview: ;window._mNDetails.initAd({"vi":"1613537159853216342","s":{"_mNL2":{"size":"306x271","viComp":"1613494122664371193","hideAdUnitABP":true,"abpl":"3","custHt":"","setL3100":"1"},"lhp":{"l2wsip":"2887305297","l2ac":"","sethcsd":"set!N7|983"},"_mNe":{"pid":"8PO641UYD","requrl":"https://www.msn.com/de-ch/?ocid=iehp#mnetcrid=722878611#"},"_md":[],"ac":{"content":"<!DOCTYPE HTML PUBLIC \"-\/\/W3C\/\/DTD HTML 4.01 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/html4\/loose.dtd\">\r\n<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\r\n<head><meta http-equiv=\"x-dns-prefetch-control\" content=\"on\"><style type=\"text\/css\">body{background-color: transparent;}<\/style><meta name=\"tids\" content=\"a='800072941' b='803767816' c='msn.com' d='entity type'\" \/><script type=\"text\/javascript\">try{window.locHash = (parent._mNDetails && parent._mNDetails.getLocHash && parent._mNDetails.getLocHash(\"722878611\",\"1613537159853216342\")) || (parent._mNDetails[\"locHash\"] && paren
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\http___cdn.taboola.com_libtrc_static_thumbnails_199655af051ff7c0f5750635e94a1c08[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                        Category:downloaded
                                        Size (bytes):43979
                                        Entropy (8bit):7.983726195586281
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AB6CAD136C683AFFDD2E13F6FF9D8064
                                        SHA1:C64BC83FD3154EE63845D9F882C8C44C9B7F8D30
                                        SHA-256:DFD4CCBBA01062D701E1B75DC0AB53FE0198123617B4E377DDF9101FE7C0C9FF
                                        SHA-512:528D62FD14D4F062E2D54D7053992C22DCD53B27583E0038D567984F270E970C383B77FDCC39C948F5D0B3EE05447366162200E1CCA0302364AA273376DB374E
                                        Malicious:false
                                        IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F199655af051ff7c0f5750635e94a1c08.jpeg
                                        Preview: ......JFIF.....................................................................&""&0-0>>T.............................%......%!(!.!(!;/))/;E:7:ESJJSici.........7...............6..................................................................7.}.8U._.^s.3`k....Z..M..%R....9..mM..gr...r0....n..a.U.....~...e.K.Z..S.OC....e...TU....[...E...].S.2L..r.i..s!......V....F.p>.3?bz..3.1.f.'..r..`/]1O.c.4{`j..A...x.y..0A.g.\....g...W8......E..6.jh.Y]E.R..-R..[$....$.J.!Rg.t0C?....O./.>...z......dl,b>'........Gt....B....h..J<;\J.;0..}.%;.w......OW.5..~y>..Z...4H}.{.k....F..f..?@...A..\.T..Ao.BY...}o..E.]....o..=s..C~..K...]y..Fs1...V.^`...Zg3.A.].p...k.{...M.AJ.:.h&..=.D..OP[(^V..Re.?...5............(.`..vi&r...._3T.C 5..#..3...{,42..{N....@....c..%..]....f*..Y(.....=... ......9}..Qf.Z)u~.K..........)rj..o.\<z. iS!LWS3.f.Q.CP[2*.*.-6..Q.5.%....(..;.q.R..r....]..w..b..<E.K....j".P.M..Q'.}0....7Tlh......r.....+.1.xr.|..5w.......q.u.R...4.u..l.....C....~v..}....<.#.X
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\http___cdn.taboola.com_libtrc_static_thumbnails_805351b6218a2f60d3e640217377382b[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                        Category:downloaded
                                        Size (bytes):8344
                                        Entropy (8bit):7.913172264286842
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5A9DA26E9BD1DC926778F7CD8C819FCD
                                        SHA1:7DA1D26F62584683F50CB9FAF605482072AE634A
                                        SHA-256:B1C5B3EF60B384C38997B034DD11DCCF3E4B94EACF7540C6E6C28B6EFEBAC3D8
                                        SHA-512:99953E5104DB8833632AABD2714AB22ADC962892478258C17D10105F601D43DB14C79B17697CEF77E860E8118E7725EDDFEA9B56DEAD8A99578A0BEAFF3B9819
                                        Malicious:false
                                        IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F805351b6218a2f60d3e640217377382b.jpg
                                        Preview: ......JFIF...........................................%......%!(!.!(!;/))/;E:7:ESJJSici................................%......%!(!.!(!;/))/;E:7:ESJJSici.........7...."..........3................................................................"........ ..6k.a...........vu...~..ve..&.s..:q....ThF..;.u....7.3.X|.<.....`..Ip..p.w.....Q..*h<...)p.....w..9.-.^.iO.82...G".d..r.W..0..`...\..Z.M..Z.1..M.o..{...\1..^..e\.k.4.a.....g..1....}.o..}~{.h..N......zW....$.a...I.^./......8...O._..q.....l..Z.i....K:l..q....y.....b.{..\uZ..zw+.......{........N.Q]~...E..j....B....G.]|.n}....|..E.Z..........}l..~{..g...a......>..;.fI....t.F....W*.j/.._..>.._G....].....v...~;....w.<.K....l../....%....y.:..j..6......_5..$.F"..f.K.yg?s....._%....;..+.......V...Z...0.y...<1..L..h[....s5.t:#..>....e..u|..X.X<..k..._..n.U..+.."....8.._.6.S...K....mg.g...XO...{.........8.:...]...Q.y.wV..`.0.r6,.....:.....c..=&.S..m[.X......=6.............S.................
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\log[1].gif
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:GIF image data, version 89a, 1 x 1
                                        Category:dropped
                                        Size (bytes):35
                                        Entropy (8bit):3.081640248790488
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:349909CE1E0BC971D452284590236B09
                                        SHA1:ADFC01F8A9DE68B9B27E6F98A68737C162167066
                                        SHA-256:796C46EC10BC9105545F6F90D51593921B69956BD9087EB72BEE83F40AD86F90
                                        SHA-512:18115C1109E5F6B67954A5FF697E33C57F749EF877D51AA01A669A218B73B479CFE4A4942E65E3A9C3E28AE6D8A467D07D137D47ECE072881001CA5F5736B9CC
                                        Malicious:false
                                        Preview: GIF89a.............,........@..L..;
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\nrrV67478[1].js
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:ASCII text, with very long lines, with no line terminators
                                        Category:downloaded
                                        Size (bytes):88164
                                        Entropy (8bit):5.423101112677061
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C2DC0FFE06279ECC59ACBC92A443FFD4
                                        SHA1:C271908D08B13E08BFD5106EE9F4E6487A3CDEC4
                                        SHA-256:51A34C46160A51FB0EAB510A83D06AA9F593C8BEB83099D066924EAC4E4160BC
                                        SHA-512:6B9EB80BD6BC121F4B8E23FC74FD21C81430EE10B39B1EDBDEFF29C04A3116EB12FC2CC633A5FF4C948C16FEF9CD258E0ED0743D3D9CB0EE78A253B6F5CBE05D
                                        Malicious:false
                                        IE Cache URL:https://contextual.media.net/48/nrrV67478.js
                                        Preview: var _mNRequire,_mNDefine;!function(){"use strict";var c={},u={};function a(e){return"function"==typeof e}_mNRequire=function e(t,r){var n,i,o=[];for(i in t)t.hasOwnProperty(i)&&("object"!=typeof(n=t[i])&&void 0!==n?(void 0!==c[n]||(c[n]=e(u[n].deps,u[n].callback)),o.push(c[n])):o.push(n));return a(r)?r.apply(this,o):o},_mNDefine=function(e,t,r){if(a(t)&&(r=t,t=[]),void 0===(n=e)||""===n||null===n||(n=t,"[object Array]"!==Object.prototype.toString.call(n))||!a(r))return!1;var n;u[e]={deps:t,callback:r}}}();_mNDefine("modulefactory",[],function(){"use strict";var r={},e={},o={},i={},n={},t={},a={};function c(r){var e=!0,o={};try{o=_mNRequire([r])[0]}catch(r){e=!1}return o.isResolved=function(){return e},o}return r=c("conversionpixelcontroller"),e=c("browserhinter"),o=c("kwdClickTargetModifier"),i=c("hover"),n=c("mraidDelayedLogging"),t=c("macrokeywords"),a=c("tcfdatamanager"),{conversionPixelController:r,browserHinter:e,hover:i,keywordClickTargetModifier:o,mraidDelayedLogging:n,macroKeyw
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\41-0bee62-68ddb2ab[1].js
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:ASCII text, with very long lines, with no line terminators
                                        Category:dropped
                                        Size (bytes):1238
                                        Entropy (8bit):5.066474690445609
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7ADA9104CCDE3FDFB92233C8D389C582
                                        SHA1:4E5BA29703A7329EC3B63192DE30451272348E0D
                                        SHA-256:F2945E416DDD2A188D0E64D44332F349B56C49AC13036B0B4FC946A2EBF87D99
                                        SHA-512:2967FBCE4E1C6A69058FDE4C3DC2E269557F7FAD71146F3CCD6FC9085A439B7D067D5D1F8BD2C7EC9124B7E760FBC7F25F30DF21F9B3F61D1443EC3C214E3FFF
                                        Malicious:false
                                        Preview: define("meOffice",["jquery","jqBehavior","mediator","refreshModules","headData","webStorage","window"],function(n,t,i,r,u,f,e){function o(t,o){function v(n){var r=e.localStorage,i,t,u;if(r&&r.deferLoadedItems)for(i=r.deferLoadedItems.split(","),t=0,u=i.length;t<u;t++)if(i[t]&&i[t].indexOf(n)!==-1){f.removeItem(i[t]);break}}function a(){var i=t.find("section li time");i.each(function(){var t=new Date(n(this).attr("datetime"));t&&n(this).html(t.toLocaleString())})}function p(){c=t.find("[data-module-id]").eq(0);c.length&&(h=c.data("moduleId"),h&&(l="moduleRefreshed-"+h,i.sub(l,a)))}function y(){i.unsub(o.eventName,y);r(s).done(function(){a();p()})}var s,c,h,l;return u.signedin||(t.hasClass("office")?v("meOffice"):t.hasClass("onenote")&&v("meOneNote")),{setup:function(){s=t.find("[data-module-deferred-hover], [data-module-deferred]").not("[data-sso-dependent]");s.length&&s.data("module-deferred-hover")&&s.html("<p class='meloading'><\/p>");i.sub(o.eventName,y)},teardown:function(){h&&i.un
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\41-0bee62-68ddb2ab[2].js
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:empty
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D41D8CD98F00B204E9800998ECF8427E
                                        SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                        SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                        SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                        Malicious:false
                                        Preview:
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\58-acd805-185735b[1].css
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:UTF-8 Unicode text, with very long lines
                                        Category:dropped
                                        Size (bytes):248287
                                        Entropy (8bit):5.297047810331843
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A0AB539081F4353D0F375D2C81113BF3
                                        SHA1:8052F4711131B349AC5261304ED9101D1BAD1D0A
                                        SHA-256:2B669B3829A6FF3B059BA82D520E6CBD635A3FBA31CDC7760664C9F2E1A154B0
                                        SHA-512:6FA44FDC9FAE457A24AB2CEAB959945F1105CF32D73100EBE6F9F14733100B7AACDD7CA0992DE4FFA832A2CBCD06976F9D666F40545B92462CC101ECDB72685E
                                        Malicious:false
                                        Preview: @charset "UTF-8";div.adcontainer iframe[width='1']{display:none}span.nativead{font-weight:600;font-size:1.1rem;line-height:1.364}div:not(.ip) span.nativead{color:#333}.todaymodule .smalla span.nativead,.todaystripe .smalla span.nativead{bottom:2rem;display:block;position:absolute}.todaymodule .smalla a.nativead .title,.todaystripe .smalla a.nativead .title{max-height:4.7rem}.todaymodule .smalla a.nativead .caption,.todaystripe .smalla a.nativead .caption{padding:0;position:relative;margin-left:11.2rem}.todaymodule .mediuma span.nativead,.todaystripe .mediuma span.nativead{bottom:1.3rem}.ip a.nativead span:not(.title):not(.adslabel),.mip a.nativead span:not(.title):not(.adslabel){display:block;vertical-align:top;color:#a0a0a0}.ip a.nativead .caption span.nativead,.mip a.nativead .caption span.nativead{display:block;margin:.9rem 0 .1rem}.ip a.nativead .caption span.sourcename,.mip a.nativead .caption span.sourcename{margin:.5rem 0 .1rem;max-width:100%}.todaymodule.mediuminfopanehero .ip_
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1dIHmK[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                        Category:downloaded
                                        Size (bytes):13606
                                        Entropy (8bit):7.92215749877096
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:711AE6E396884694DEFCACA1833C72F1
                                        SHA1:88C23A65CAC4FEF0B4E01EFDB3827F475678B4CE
                                        SHA-256:5EC22DC4987294A66C7B16E425D573AC1D4F5958EBF70EB639C67E8368478A6C
                                        SHA-512:A3ECF2AC027FA278F4E3B830AEB4B74E71D70C0D8D51FEFD768DA9CC2A99FD9A7DD03EA7D89F707C574846DBE78BE3FF36B0598763FE370AC98B2F21100D7A3E
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dIHmK.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.....`.`.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..=iF;.t.A..Si..u.'.C.\...S......k[].i.+...a.k+.....0...v..Dj&>fc..<.).....Z..2.tyP...?.j..F.l.H..f.....d..p.'...N6...O..+]....]51..o(..J`.....c..#...d..A\............|.......7c.]....U..q/.M..~.\...%]...z!.)...u..>d.*.U.a8.5.....G2.b.9..........}.G..@.t.........@.+......4..7...i;}...ZWA.`T...G....u(.cYN..s........WQD...4,...h..........m.Z.XE8.a-.0
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1dIyJo[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 622x368, frames 3
                                        Category:downloaded
                                        Size (bytes):33720
                                        Entropy (8bit):7.960738170360026
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BEFCFC553A30BAF11243409150F3813D
                                        SHA1:2A4467B21C94D2D005F1D0088149A610EA8BAF21
                                        SHA-256:56ED932DA7197D84C156AF628F16CFA967BBD848C9DE60FE00FC89145E5F6CC9
                                        SHA-512:DCADE55559BB2548F35BC0BC71E6E50CC298E853D78DD4256FADF236C6F98B71472910E67D448BBA5112D922362BE7C105DDB3B3D488D9653FC2EF30E47D7AD6
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dIyJo.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..j(..aHih.....(....F;..4....)(....(....R.P.Q...H~....&}. R...&..x..PSJzP!..b..)9...~..4*.i..I..)..HO.(.$. +M).K.A&.....&1..M?Z.0F...r)2i......O_ZFr3.+.sQ..bl..9....].!.O.0m...P..RFrc..>}z..7u..iA$`..~.,...51.I......iI.....a.-....rq....f.9>....TRE..8".mO'8;.i..V.1q#.......O.2A9.....C..<w..$.3....2......sX.v..#].pO*}*...{..........%..T(GQM.V..M...U.f.A..Z.#6.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1dJK2j[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
                                        Category:downloaded
                                        Size (bytes):7172
                                        Entropy (8bit):7.924765400998839
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F93AC20893F869DC8911341BED22A8D8
                                        SHA1:5DCD7AFBD2F962D1D3E959436D7D71860738AF20
                                        SHA-256:5FF6F759BFBE23B2AB3E433FBF0DE7529E14C44C1A9C493BE65304CD2421F94D
                                        SHA-512:51C1EDD24CFAC389647BB951749B3E2E5ED8CB272F4FE9572049877A249D07D17AB8322FD6FA42B523E3655120E94B58E31D9C7CDCD46D09D98C34E6229AC9A9
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJK2j.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=485&y=51
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......'.l.i....XF".....7..<qSJJe..R.fO.y...'.S.\".V...A5...9.)-.Q.f..$.5......6.`#9.L.t5.bClP..G.........J.?...TX|.l..ET.?-.Z.....T....@....k@..CYV.qV..y.#h.".6...).*hm..Eq.V.(H.OR.n...[.....U.b.......N..P...i#r\.a\y.3b.S.QO.j..l.Q`...)..).1c....V+.j..b.$g.L.HH.N..>(*.qU..H\.Rx.)..'...4....=.......J...O..0...=+...k.......L.f.\|.q.Q.2.bIM..l7+(...cB.Y..w
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1dJLcU[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 206x250, frames 3
                                        Category:downloaded
                                        Size (bytes):5184
                                        Entropy (8bit):7.884374170869578
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CD4FB04C4C48BF6BDAF4C60F4E9A346D
                                        SHA1:C46A776ABAEA0CCB36DDA95EF2902D31CEF7E5F6
                                        SHA-256:3AF2663313FD0614D82280330F6960BD5B0567AAE0C804583686A881CDFA5320
                                        SHA-512:BD91A58A9269A7AEAFDFDE52EEF42F4F4D4631C16A043FF4D6384D961219CCF2FA8F431279766DB147929EB66565A3C387593B9E9E17E58E7B3D0AB347B00E5C
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJLcU.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.....H.H.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...784..R.b..&.M3u!j.8.a4..I...M&..FZ...4.ijaj.q4............0cQ...0..k.a4.j64.Bi...L&...a4.M&..MF.MF..cH...fi1..7T2.iKTNri.&h.&i3L@M4.Ri...X....a...LcN4....S....@.ME!.ME!.c.SI..M.!5..q.5.1.0.sTf..4..w.4...li.j.4..8.M!..ja4....Fc.Rn..SKS.)jij..4..HM4.ajij.q4.4......Fj2....!j..i...R.M4.....b.a.-M-@.i.S...H.....i..cM1...lh...iI..HgrQ.).....Tmm'.j....M*..m.....[.....
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1dJRhO[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3
                                        Category:downloaded
                                        Size (bytes):10387
                                        Entropy (8bit):7.937765168854081
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E7B28A659B34E0FB4220AEC773CFE0CF
                                        SHA1:594F85E3CF72A881666C18A6D0C82DF75E638FD5
                                        SHA-256:3DDDAF3F900A50611C32345B1BC8352FF11E8C67E3B07DD32FA9DDD8950DD2F5
                                        SHA-512:9D541374CE7F87BD10ED2648FE88B1AA3447F3434977796CBFD895945BF5DDD40EABBCFC9596BED1E31FEA9FF90F6DE477B6850E748A22D319F68B8256629C4F
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJRhO.img?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........6.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...N...)...QI..c4.ozvh..p..x.B.M[.J.2c..........zk......M%...3...^;.(..E.y.^.. l+.n..$.g..Y[..%{...G".mt.x...RG9#'>..F"..O'..S6.5..h.$.5mQcR..#.....i.q.o..h.u4.._.S..3..7...$c.*...d..V.f..n.......v..?.Q..-....a._....[.....n..d......)`pp..C#..j6......? ../#n.@.\`.:....S..[..t..7.I......A(.;.Z...+.r.....L.m.3.8d4.....W...<..~.`y..C( ....7....`..k.4...-rr|......*@j%5
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1dJTPS[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
                                        Category:downloaded
                                        Size (bytes):7297
                                        Entropy (8bit):7.921382729787624
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BDD31266E24809CD412C18F74B5726AD
                                        SHA1:561A72B21915E703CBFA5E3D9CD9DF0CBFB66C50
                                        SHA-256:20D40338DB212FD880272BFE770E88CE2F570F8E219A959259FFF5DE248D4177
                                        SHA-512:710A02D32372D15AA449412D93E44BA83D08F129378F024D16A10D845D0FAA9672257089AAB6D1915CBDECE45B2FF28A753CB2352FB163170EA32D7C8117D4E2
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJTPS.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=691&y=243
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...0.x8.f^.#..3.VQ..........=H8.+.....m^...Y..N...z.nN..c\.Y.i..(...6.b....@&)...Xs...T.bTn...)r.c.i\...l..=?.d..8a.S.9.3.S....NE.r....d..C.V".Z.........]..6...~.i.D...H.|.....=...M.I...T._p.5dC$xb..z....E....8q......F6e.9h.#.T.l...J.8..*:.r\Fiwd`.'...ap..........A.......q....sU.D..x...Rh-....%...?..BJ..>r.....j.I..T$...r.s.OJ..[....G.?.s.8.T..lQ....
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1dJh9q[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                        Category:downloaded
                                        Size (bytes):24172
                                        Entropy (8bit):7.967144310483982
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0F6FAFA8004B73BB1394959B653DE040
                                        SHA1:2D287ECC70774A4EF08F28032083E3C19D50A28C
                                        SHA-256:4366A0871620A360D0A0758A91CE81AFD49A4A6DEDB9FB853AD31446B1A31283
                                        SHA-512:59D9452D7FED08872B72EBAB18B101C1776853B01AE7ECC3451049E4E3D9886A8B910350FFC93D82338526A19FE53F5F802E04BD277FCCABFAD8B12E400138CD
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJh9q.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg&x=1002&y=1956
                                        Preview: ......JFIF.....`.`.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..r...2.7.3..U..H..v..Z....6FF0;g.dHY.......Q.Y.37U....aH..T%.`.k.)..J'..l....).\W\W56.....i.@47Z....".I#;..R.ls...t.u?0PH.....X........2.....B...mi.o..ui........?......"0I..Z[+e..$...~.C.C%...3.}...8......f......6...Ea...N@..X.Jf......;~Y..."...E....~......QR.....T}.b..A...9.KU....\.2....l.A..~... U....R*...a.$..b.q....O.Wo!.n.s0..p>..."E.%./9 {....v...
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1dJwQQ[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
                                        Category:downloaded
                                        Size (bytes):2311
                                        Entropy (8bit):7.81537049163614
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8445000D0EE3020951A6D90BE2F214C2
                                        SHA1:369B037399BBA95D48B28379BDD9C2944B0EE2BE
                                        SHA-256:E2FF809357F68760DB0BC88912860A92C080BCEAE06C6512105D0E6BEA9816EA
                                        SHA-512:8D01B226B1F7340B77BBA3B3945454797D2B4CCD4C058836B1A845CFF6C8458CA363C923EB7E76637A2FB1AB6DCA22F96406268F0B71D5445DB60033F5F2B2D9
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJwQQ.img?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg&x=1729&y=651
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K.d.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...%,.,d.@8.'.,1.A....{{{..\G...q..d'T.......4...`..}....._.o...1.-..}Q` }V.(..K.FI*:~u..x.Q.....X..l{..z.........6..m...n.t#_.Ah.<.8.....nfi^"..6../..(.0O.[Q_[..8.......T.K7..m.xZ.!.g.s.]]".Hc$...h....."(.;C.{.Q. e..L........b~..=..@tX.I..C.............1.Z.q.G.E.i.;S..c.0...{.Q`.9..'....QP.c/.......X.i....K...*.J...X.....&..$R...e......#....x..3..>.).j.83G.p
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1dK5Wm[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
                                        Category:downloaded
                                        Size (bytes):7660
                                        Entropy (8bit):7.934126825168742
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:553330228AB77CECB03D239A5A2F8034
                                        SHA1:213BB81339996BAE1C32514572E616FE46ADA81E
                                        SHA-256:9062239B13F77926A5F36D330243A9B5E8006925201151017735838B19DFFFCB
                                        SHA-512:8E05AE6B35020D6FF1FF7AEB51979631DF51D73FE7777AD59EC8F193D53DB0F40B06A1B396B44C877AF1DD51FE7C374DA6C1846C131AE26CC2C2D1DE4ADCBDA0
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dK5Wm.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=569&y=300
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...U8.@....t.....bEq.I.....Jk.#l'........U...2...8.E.....4....*..;>..Z..{.,1..s..T...y....t5m.I=.9,....T.@.?..v...$.^.."?8B..e....C.4.).k...VYy#8...F.....LU...Pr.Q....5.rz.h.OA.J...4.R.}.&.mQ...1QC.....F.....<5.K. .45N;........fn.k...3..e..*.>..k.Y.......q..?.&.=.wC..,A........5.0. ........n....h..vw:E.....U.M..-.A.jj.d>s.......e..H~.5.J.v...>^..Z.o:..
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1dK74w[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
                                        Category:downloaded
                                        Size (bytes):6053
                                        Entropy (8bit):7.918348713173437
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A705833E09BAE63B1014D176BFE73DF2
                                        SHA1:26743E6210B1F4D214787F5C69680E4BA18B1DD1
                                        SHA-256:7F6EF5B3983CA6F9D297C8AB9D716CED453F049FDF2D0966E6A9F541BA112707
                                        SHA-512:47935AD55F5E8842F4D4193E2674F9C5C8DEF068E07608A25C07F9C78AC0B7D13CFA2DBE28BFEAB4BF3E069CC80E894A9799854530082948F64AD9E457A4DB88
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dK74w.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=539&y=188
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..ih..O..(...ZJZ.).s.H..j.i..8..fu*r.K{p...&."$JX......6.^MF.z@....J.q99.gm.ZRV?..m.&7Nv...?.i.YrF.>..c..R.......j...JVE9.........q#tL..]5..m....&....V.Kb9d.8.n."...Z.o.........p.`....g....9+.*\..Pq#X.l.....<jP.......V.. ..v........u...P..\.....W.6.3..K...)qIH...(..KIK@...R. ..(...JP3.(...#....(.`...*Y.h.js!..H.+....A.....{U.Q.;.......V.0.kNA.<..zR.2L."m.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1dK9Tk[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 300x250, frames 3
                                        Category:downloaded
                                        Size (bytes):8541
                                        Entropy (8bit):7.924442887766196
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:65BAEA546FC2A7DD0F54652195AA5792
                                        SHA1:5664CCDDF9E3CD89570486B86239F5563B8FA0AB
                                        SHA-256:E37AB6147741F5CCFD420A6111464AF935A9D2AAD9F43D4E12FCA776954EF1C3
                                        SHA-512:B5CA28EC84F2A0A50C19E7E1A35204CA56BD8B5BF2509070806B2168D7997AE7E4B8F77BDB2E25B8108F73E63CCBDD1866CABF23B9081BDB9C755946DD39337C
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dK9Tk.img?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=jpg&x=419&y=180
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........,.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?........#.c.N.5;.......+,B.......jS..Am..[S@.....5.....l.. $[.5*..j.bAR*..J...:..S....(.~Q.4...sUe....ZI.....@.....ITn/PC..U^.5...A...C..7a.s..d|..V........G....=..5..Cyk..e".w..rw.l.E>;.u.'5L.+K.sn;..Z..z.6......K..k5.F3PK>GZ...3.)...6.Q..S.QE%...S...4})1.C..9...Fz..3....E;.....CSDqE.....*.n1O.....#ZpE.O.#...Z...E<m....zi...j.QK.Y...0.1.E..3..Mk...c.....s..`...
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB6Ma4a[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):396
                                        Entropy (8bit):6.789155851158018
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6D4A6F49A9B752ED252A81E201B7DB38
                                        SHA1:765E36638581717C254DB61456060B5A3103863A
                                        SHA-256:500064FB54947219AB4D34F963068E2DE52647CF74A03943A63DC5A51847F588
                                        SHA-512:34E44D7ECB99193427AA5F93EFC27ABC1D552CA58A391506ACA0B166D3831908675F764F25A698A064A8DA01E1F7F58FE7A6A40C924B99706EC9135540968F1A
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB6Ma4a.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........(J....!IDAT8Oc|. ..?...|.UA....GP.*`|. ......E...b.....&.>..*x.h....c.....g.N...?5.1.8p.....>1..p...0.EA.A...0...cC/...0Ai8...._....p.....)....2...AE....Y?.......8p..d......$1l.%.8.<.6..Lf..a.........%.....-.q...8...4...."...`5..G!.|..L....p8 ...p.......P....,..l.(..C]@L.#....P...)......8......[.7MZ.....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB7hjL[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):444
                                        Entropy (8bit):7.25373742182796
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D02BB2168E72B702ECDD93BF868B4190
                                        SHA1:9FB22D0AB1AAA390E0AFF5B721013E706D731BF3
                                        SHA-256:D2750B6BEE5D9BA31AFC66126EECB39099EF6C7E619DB72775B3E0E2C8C64A6F
                                        SHA-512:6A801305D1D1E8448EEB62BC7062E6ED7297000070CA626FC32F5E0A3B8C093472BE72654C3552DA2648D8A491568376F3F2AC4EA0135529C96482ECF2B2FD35
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB7hjL.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........(J....QIDAT8O....DA.....F...md5"...R%6.].@.............D.....Q...}s.0...~.7svv.......;.%..\.....]...LK$...!.u....3.M.+.U..a..~O......O.XR=.s.../....I....l.=9$...........~A.,. ..<...Yq.9.8...I.&.....V. ..M.\..V6.....O.........!y:p.9..l......"9.....9.7.N.o^[..d......]g.%..L.1...B.1k....k....v#._.w/...w...h..\....W...../..S.`.f.......IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBOLLMj[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):507
                                        Entropy (8bit):7.140014669230146
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:25D424F126A464CA028C0C9BA692ADA9
                                        SHA1:E54F845D1099C8D7B7BA0C5E9B57DFA7163CE95C
                                        SHA-256:E0DF9CDAFF2557C7B555FFAED40B7E553FF6C50DD58FE79C27B3AA69CC56258D
                                        SHA-512:7E72F13B354AA5EE99EC50057DB2BFBC35A78D5617A36ED90864D1DA6AC1B692301115EF8F44255AB3894142D6C0F634A2CFD44EBCD00B039DC628F751579DC3
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBOLLMj.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8Oc.v.............g8......'.......X].............l.....z..]\.|d...i5U`.,,,......~.f.+-ax..5T..`....S.M{......d..w?...1..?..Vo...G....>z.L...2..10222.::1...1....,..0.........``b.HgFE3<;z..,5..G.,P...........t..Y._.}...TT..}.l..0..j......%..^.{.f.9;c....aAA0...w0]....ag.fc...(HK...>0....!=".AMQ.,..`......y...8.a....k.D..`..J8..!`....|.R...@S.,..0...&..2...0.8t.....yq..B...Wo..@...F..........ks.....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBVuddh[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):304
                                        Entropy (8bit):6.758580075536471
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:245557014352A5F957F8BFDA87A3E966
                                        SHA1:9CD29E2AB07DC1FEF64B6946E1F03BCC0A73FC5C
                                        SHA-256:0A33B02F27EE6CD05147D81EDAD86A3184CCAF1979CB73AD67B2434C2A4A6379
                                        SHA-512:686345FD8667C09F905CA732DB98D07E1D72E7ECD9FD26A0C40FEE8E8985F8378E7B2CB8AE99C071043BCB661483DBFB905D46CE40C6BE70EEF78A2BCDE94605
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBVuddh.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........+......IDAT8O...P...3.....v..`0.}...'..."XD.`.`.5.3. ....)...a.-.............d.g.mSC.i..%.8*].}....m.$I0M..u.. ...,9.........i....X..<.y..E..M....q... ."...,5+..]..BP.5.>R....iJ.0.7.|?.....r.\-Ca......IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\auction[1].htm
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:HTML document, ASCII text, with very long lines
                                        Category:downloaded
                                        Size (bytes):25971
                                        Entropy (8bit):5.6730543744154325
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1C77F87CE2CFB002419651464B128079
                                        SHA1:8F791F942008B9CD2ADADC2E0F21C2B35F1BBA20
                                        SHA-256:B155CFE9B18D7E050719E25EB3F187FCDE2B4C913B84C2265BA2C98976F2FC0B
                                        SHA-512:6943929C29304510C75F3BF732BE8A30F50D61212493D8C92483FE7D11D76642059DCF28EBBDCF8F3A434BFFD11F7AB2267E635317EDBAC42C54DF3E3573DC42
                                        Malicious:false
                                        IE Cache URL:https://srtb.msn.com/auction?a=de-ch&b=bdba494a96d84d55ae3ddeff8518e15a&c=MSN&d=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&e=HP&f=0&g=homepage&h=&j=0&k=0&l=&m=0&n=infopane%7C3%2C11%2C15&o=&p=init&q=&r=&s=1&t=&u=0&v=0&x=&w=&_=1613569558078
                                        Preview: .<script id="sam-metadata" type="text/html" data-json="{&quot;optout&quot;:{&quot;msaOptOut&quot;:false,&quot;browserOptOut&quot;:false},&quot;taboola&quot;:{&quot;sessionId&quot;:&quot;v2_41d70a32e5c4e8ca9c96801325773248_db96a1b6-10f8-4bfb-b53c-5a109c198c02-tuct726250a_1613537162_1613537162_CIi3jgYQr4c_GIyb3PrpofTgIiABKAEwKziy0A1A0IgQSN7Y2QNQ____________AVgAYABoopyqvanCqcmOAQ&quot;},&quot;tbsessionid&quot;:&quot;v2_41d70a32e5c4e8ca9c96801325773248_db96a1b6-10f8-4bfb-b53c-5a109c198c02-tuct726250a_1613537162_1613537162_CIi3jgYQr4c_GIyb3PrpofTgIiABKAEwKziy0A1A0IgQSN7Y2QNQ____________AVgAYABoopyqvanCqcmOAQ&quot;,&quot;pageViewId&quot;:&quot;bdba494a96d84d55ae3ddeff8518e15a&quot;,&quot;RequestLevelBeaconUrls&quot;:[]}">.</script>.<li class="triptych serversidenativead hasimage " data-json="{&quot;tvb&quot;:[],&quot;trb&quot;:[],&quot;tjb&quot;:[],&quot;p&quot;:&quot;taboola&quot;,&quot;e&quot;:true}" data-provider="taboola" data-ad-region="infopane" data-ad-index="3" data-viewability="">.<
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\checksync[1].htm
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:HTML document, ASCII text, with very long lines
                                        Category:dropped
                                        Size (bytes):20808
                                        Entropy (8bit):5.3018084083386
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F20E359D299221FAA621EEED8710C7CE
                                        SHA1:CDE9D4EAA1954C0BDC907377024AB11A62EBC3C6
                                        SHA-256:BC6612574C7F898BCA97BB62CEB242821B9EDEE9B5A01F30113E0C4189CA72A0
                                        SHA-512:477A7A1D520D0A580358B36F368FB625A692D5F6701FE4AD5FAA617A87A5C1027ECF95FDB07ED0E5AB09A504C62DBDAF89FDD1A5B153D6B4AAEC460E8EB76A47
                                        Malicious:false
                                        Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":75,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0}},"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\/hblg.media.net\/log?logid=kfk&evtid=chlog"}},"csloggerUrl":"https:\/\/cslogger.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\checksync[2].htm
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:HTML document, ASCII text, with very long lines
                                        Category:dropped
                                        Size (bytes):20808
                                        Entropy (8bit):5.3018084083386
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F20E359D299221FAA621EEED8710C7CE
                                        SHA1:CDE9D4EAA1954C0BDC907377024AB11A62EBC3C6
                                        SHA-256:BC6612574C7F898BCA97BB62CEB242821B9EDEE9B5A01F30113E0C4189CA72A0
                                        SHA-512:477A7A1D520D0A580358B36F368FB625A692D5F6701FE4AD5FAA617A87A5C1027ECF95FDB07ED0E5AB09A504C62DBDAF89FDD1A5B153D6B4AAEC460E8EB76A47
                                        Malicious:false
                                        Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":75,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0}},"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\/hblg.media.net\/log?logid=kfk&evtid=chlog"}},"csloggerUrl":"https:\/\/cslogger.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\de-ch[1].htm
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                        Category:dropped
                                        Size (bytes):426157
                                        Entropy (8bit):5.4411465844338585
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E7978341677A20D573E589245EBED9A8
                                        SHA1:040CE3C63900DE02AE6206065BD54FC2AD44381D
                                        SHA-256:232CB415D2BB29882D745B7AC3A603F3BCA68D2B42E614A792390F401C49EFD0
                                        SHA-512:0D1DBBDD4C8BA808DFFAA7F87C9975DEF2644CBF7843D44149AEA4A52E8B48FEA73F976E5F8947018DB00FBD3A0315EDD5C4971A79866364723024861E2C9A40
                                        Malicious:false
                                        Preview: <!DOCTYPE html><html prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#" lang="de-CH" class="hiperf" dir="ltr" >.. <head data-info="v:20210213_31441752;a:bdba494a-96d8-4d55-ae3d-deff8518e15a;cn:0;az:{did:951b20c4cd6d42d29795c846b4755d88, rid: 0, sn: neurope-prod-hp, dt: 2021-02-15T13:38:02.7265938Z, bt: 2021-02-14T01:16:00.9759611Z};ddpi:1;dpio:;dpi:1;dg:tmx.pc.ms.ie10plus;th:start;PageName:startPage;m:de-ch;cb:;l:de-ch;mu:de-ch;ud:{cid:,vk:homepage,n:,l:de-ch,ck:};xd:BBqgbZW;ovc:f;al:;fxd:f;xdpub:2021-01-12 22:59:27Z;xdmap:2021-02-17 04:45:28Z;axd:;f:msnallexpusers,muidflt19cf,muidflt27cf,muidflt56cf,startedge3cf,audexedge2cf,starthz1cf,platagyhz1cf,moneyhz3cf,gallery2cf,onetrustpoplive,msnapp4cf,1s-bing-news,vebudumu04302020,bbh20200521msn,prong1aac,csmoney3cf,prg-gitconfigs-t11;userOptOut:false;userOptOutOptions:" data-js="{&quot;dpi&quot;:1.0,&quot;ddpi&quot;:1.0,&quot;dpio&quot;:null,&quot;forcedpi&quot;:null,&quot;dms&quot;:6000,&quot;ps&quot;:1000,&quot;bds&quot;:7,&
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fcmain[1].js
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:HTML document, ASCII text, with very long lines, with no line terminators
                                        Category:downloaded
                                        Size (bytes):38795
                                        Entropy (8bit):5.056607052202013
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B9C0F415FEB034FED553643A5F23DF7C
                                        SHA1:5F7A7E867F1BDCE6BA4823B0B1CCDDF7D9A93DE5
                                        SHA-256:86B70208E4E58F70DA40D16E21557A7E550EFE2178AFCC8787B912990C824602
                                        SHA-512:107AEE178DFF5B0AA0F95B5E08D7F633CC37920006AAB7C042BEE0E3FC479DCA55EA401E531351F9EE933764B28759F0888C5FE87DFD54CDB99FF501AC853B60
                                        Malicious:false
                                        IE Cache URL:https://contextual.media.net/803288796/fcmain.js?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&crid=858412214&size=306x271&cc=CH&https=1&vif=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&nse=5&vi=1613537159996180788&ugd=4&rtbs=1&nb=1&cb=window._mNDetails.initAd
                                        Preview: ;window._mNDetails.initAd({"vi":"1613537159996180788","s":{"_mNL2":{"size":"306x271","viComp":"1613537159996180788","hideAdUnitABP":true,"abpl":"3","custHt":"","setL3100":"1"},"lhp":{"l2wsip":"170721369","l2ac":"","sethcsd":"set!N7|983"},"_mNe":{"pid":"8PO8WH2OT","requrl":"https://www.msn.com/de-ch/?ocid=iehp#mnetcrid=858412214#"},"_md":[],"ac":{"content":"<!DOCTYPE HTML PUBLIC \"-\/\/W3C\/\/DTD HTML 4.01 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/html4\/loose.dtd\">\r\n<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\r\n<head><meta http-equiv=\"x-dns-prefetch-control\" content=\"on\"><style type=\"text\/css\">body{background-color: transparent;}<\/style><meta name=\"tids\" content=\"a='800072941' b='803767816' c='msn.com' d='entity type'\" \/><script type=\"text\/javascript\">try{window.locHash = (parent._mNDetails && parent._mNDetails.getLocHash && parent._mNDetails.getLocHash(\"858412214\",\"1613537159996180788\")) || (parent._mNDetails[\"locHash\"] && parent
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fcmain[2].js
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:empty
                                        Category:downloaded
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D41D8CD98F00B204E9800998ECF8427E
                                        SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                        SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                        SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                        Malicious:false
                                        IE Cache URL:https://contextual.media.net/803288796/fcmain.js?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&crid=858412214&size=306x271&cc=CH&https=1&vif=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&nse=5&vi=1613537159792122663&ugd=4&rtbs=1&nb=1&cb=window._mNDetails.initAd
                                        Preview:
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\http___cdn.taboola.com_libtrc_static_thumbnails_06326605864354eef8d69459f54ecc0c[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                        Category:downloaded
                                        Size (bytes):14949
                                        Entropy (8bit):7.863128761513647
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4CCD5894127614E408DEB8BDBF0051B9
                                        SHA1:B8F3DF4C91750EFE08A455A9733EF77633B09359
                                        SHA-256:DEAAE85FE55DD154DFEE16A701623B4FA7E5619C1C09B87EAC3EF9FDABCD9038
                                        SHA-512:9F1DA6AEADF58A0E5D30B787BBC1BCBCC2D57A6ECFEDD6F87BB2B89C57F6B563D29ACC917DC9292234E3C46A4CE8123CCCD600FD4A641251980BEB22A33EC01D
                                        Malicious:false
                                        IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ce_sharpen%2Ch_311%2Cw_207%2Cc_fill%2Cg_xy_center%2Cx_485%2Cy_402/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F06326605864354eef8d69459f54ecc0c.jpg
                                        Preview: ......JFIF.............XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1........
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\http___cdn.taboola.com_libtrc_static_thumbnails_82baf35d7cc74b9e51be7f602b931379[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                        Category:downloaded
                                        Size (bytes):12904
                                        Entropy (8bit):7.95877351198921
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C3A7E31F4BDBD53F6A8E8D751FD72C7A
                                        SHA1:99AB94231A1CE3FC3916980A43F981D4DFF5F0F2
                                        SHA-256:38652F1FF5E3A63BCE841F8AEC3B4905B47EFB6B60A036424CB659797FD5600D
                                        SHA-512:1C4026C733A1F725F2BD72FBB0F093DEF6A818E212CDE8D20490074A73AF619DAED58AE0ACCE47063AC4920AB9F56456D648058D55A9C65381191C671A3821E7
                                        Malicious:false
                                        IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F82baf35d7cc74b9e51be7f602b931379.jpg
                                        Preview: ......JFIF..........................................................+".."+2*(*2<66<LHLdd.............................................+".."+2*(*2<66<LHLdd.......7...."..........4.................................................................-.n....5:.r%.X;....}...bC3....r.#....p..........f....#.....[...s...d.{=,..6...IT.:.v&V,P.....1M.P...6)q....j....u..B.g..#.u.....]..".#......y...c.B.Kh.[}.... S.t1z|..U]S.....R..1.....lyf.)Y3*.o,..n....7..$j{yy%.b ...+.sq.F..hh...,.W....:I.....+...\|.uZ....&.f..!.v..,0i..J...Lk0...+U..T.@..y....KfS.6.!4..|3H...V^.v.X.6.a4.!...9y.i.......z,..Fr[.4....v..z+.IM.k.d1...._...N..........e.S.-.l.%...U.6]D..":.......A...h..L..j.E...?.f.6F...KB.......2..Ar.xT..6..a.e,E..V~...f.e...../...q.cBE.5.......a.R..;.u..dXC.#..S1.^+.[..r....6t.:U..N9.|.B...=...4..q...X..........W......\..tL.&7U....>}.D.._w....]b.W...PH.y..r.4..H...e!..NZ...0./k...:............V.I.o....|........E...z-B.....y..q.b....Q..u. .H.........EC.`=H
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\http___cdn.taboola.com_libtrc_static_thumbnails_e1cb3d470d2ea8d4eeaa2ba5fe623782[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                        Category:downloaded
                                        Size (bytes):21709
                                        Entropy (8bit):7.975088991833091
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0DEB4D7596372D285BEBB0A1E6B6A21F
                                        SHA1:EDF7988AD1BCDEA61CE9C34EBD0970EF06A0A8F6
                                        SHA-256:32FA55A0171E0328B9DCB990889245B9507DB6AAEE4F871DB051FE9825D7A84B
                                        SHA-512:D448CC38C0A32FDB6428778E964FAA330975F99271E5BF5C88FFE3541F8890EAE14ADBEFE20EA2A476E0F3B36A2E4D2E2A6D9F6B84A97DCE7E6DA035C3A5756B
                                        Malicious:false
                                        IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fe1cb3d470d2ea8d4eeaa2ba5fe623782.png
                                        Preview: ......JFIF.....................................................................&""&0-0>>T.......................................................&""&0-0>>T......7...."..........8......................................................................Z.^..$./.;6.......[.RIy.................J!vo..Ny.Z.QvZT.6..&.2I...$.%.1.CMT.F.`..'.$.$.$.....h3.."Y....I%.R_C...{.....E.SU..v}.H.....m.=...gi..F.....]V+.I$.cu...4gI.[.<..+...6.G.j.q:e.M.).$..Z*..Ah..(.d.&5im&..`..*..of.#.A..|.OS....h{.......7.0S_Y.W.............Q...18....qB2..B~....Z....c..F.De...s.....V....n.HA..W.l^.K..C..41..#.....w..o..5.3r...I/Z.&Iz.u.ZI..0..1.R.....`T{D......k..q...nd>.\.....y.D...=....o.y.......*.,P,.Oj..m.....@CcP<m.....~..a.7..i_..s...s...O.}T.G.e|.W..u.%&...r.09}....4&..r}T.v.7.q1...Sinh....Y............~q...h/..I.......0.$..w.........#..s9.k..&A.t".....j....5..Wm..7s...*,x.Q..n......G.F.^E...-..d..C...;..KQ._....m.Yz.j...IR5.......~...XO.,,?Q...d+v..........:)``.....-.3*.D..m..Z.q
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\http___cdn.taboola.com_libtrc_static_thumbnails_f52032391a565ce1f56d11eb2ad607c3[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                        Category:downloaded
                                        Size (bytes):8591
                                        Entropy (8bit):7.946592792308832
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:39E5B2258A745DC9316075FFF8A0AC39
                                        SHA1:3FD7D0FD193810973CCE07DE9B693FDE6F9874D3
                                        SHA-256:EEF9FD0054A8E7DAE10C188C3EFCD1542E22BCD1FC17A70ADF994CC2D54B8FA0
                                        SHA-512:893139044F05EA5727D27EF1672F43E6B5E8D4371104C3EC645EA464D2D1995443FFD593115734F43EB86C4E1E9B24830F2E4826206D0EA9F720840D242741E2
                                        Malicious:false
                                        IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Ff52032391a565ce1f56d11eb2ad607c3.jpg
                                        Preview: ......JFIF..........................................."......".$...$.6*&&*6>424>LDDL_Z_||.............................."......".$...$.6*&&*6>424>LDDL_Z_||.......7...."..........4....................................................................9...%.q........WF.....G....'X4.2m.s.1..0..|.......=..]:F5.HPz<.4..W~;.U).r...8.d..........=.;[..3.tZ.....wgNG.....8..........>l.......?.{...!`.I..fD........E......sq...z..X.{...>^....z..,`...3.d.P...>q.OG......l..kui..L....>........=...8P.....<7N.N|..t..va..gq...p....{YI-.u.R.E....]..).....|{...........-......3........iYn..O/..L.....D..m...Rde...#".h..$.e.\yt...............!.:./..Fm.T...N.'..pu\..$.{.....x....oS.Y....$tc...0...:;3..g.U.`...%._GJ.r.E..7?.."g......"....M..(.a`H.i.7..d.4YY "..W.i.Q.....q...,....Z...5..Y.Z.+b^..3..(.%.....<;....n.X.~...N...v.^.qA.88..Z...).b.........].c......j..P.R.'...g.{..N.'.X...1.1.d.h..6lfU<8.IL..?Q...j..B..K...M-Lp...\.&.....K.j..<.?....:...zk%.M....>.V.ae..[...
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery-2.1.1.min[1].js
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:ASCII text, with very long lines, with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):84249
                                        Entropy (8bit):5.369991369254365
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9A094379D98C6458D480AD5A51C4AA27
                                        SHA1:3FE9D8ACAAEC99FC8A3F0E90ED66D5057DA2DE4E
                                        SHA-256:B2CE8462D173FC92B60F98701F45443710E423AF1B11525A762008FF2C1A0204
                                        SHA-512:4BBB1CCB1C9712ACE14220D79A16CAD01B56A4175A0DD837A90CA4D6EC262EBF0FC20E6FA1E19DB593F3D593DDD90CFDFFE492EF17A356A1756F27F90376B650
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/hp-neu/_h/975a7d20/webcore/externalscripts/jquery/jquery-2.1.1.min.js
                                        Preview: /*! jQuery v2.1.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */..!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.1",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,funct
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\location[1].js
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:downloaded
                                        Size (bytes):182
                                        Entropy (8bit):4.685293041881485
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C4F67A4EFC37372559CD375AA74454A3
                                        SHA1:2B7303240D7CBEF2B7B9F3D22D306CC04CBFBE56
                                        SHA-256:C72856B40493B0C4A9FC25F80A10DFBF268B23B30A07D18AF4783017F54165DE
                                        SHA-512:1EE4D2C1ED8044128DCDCDB97DC8680886AD0EC06C856F2449B67A6B0B9D7DE0A5EA2BBA54EB405AB129DD0247E605B68DC11CEB6A074E6CF088A73948AF2481
                                        Malicious:false
                                        IE Cache URL:https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
                                        Preview: jsonFeed({"country":"CH","state":"ZH","stateName":"Zurich","zipcode":"8152","timezone":"Europe/Zurich","latitude":"47.43000","longitude":"8.57180","city":"Zurich","continent":"EU"});
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\4996b9[1].woff
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:Web Open Font Format, TrueType, length 45633, version 1.0
                                        Category:downloaded
                                        Size (bytes):45633
                                        Entropy (8bit):6.523183274214988
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A92232F513DC07C229DDFA3DE4979FBA
                                        SHA1:EB6E465AE947709D5215269076F99766B53AE3D1
                                        SHA-256:F477B53BF5E6E10FA78C41DEAF32FA4D78A657D7B2EFE85B35C06886C7191BB9
                                        SHA-512:32A33CC9D6F2F1C962174F6CC636053A4BFA29A287AF72B2E2825D8FA6336850C902AB3F4C07FB4BF0158353EBBD36C0D367A5E358D9840D70B90B93DB2AE32D
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/hp-neu/sc/ea/4996b9.woff
                                        Preview: wOFF.......A...........................,....OS/2...p...`...`B.Y.cmap.............G.glyf.......,...,0..Hhead.......6...6....hhea...,...$...$....hmtx............($LKloca...`...f...f....maxp...P... ... ....name............IU..post....... ... .*...........I.A_.<........... ........d.*.......................^...q.d.Z.................................................................3.......3.....f..............................HL .@...U...f.........................................\.d.\.d...d.e.d.Z.d.b.d.4.d.=.d.Y.d.c.d.].d.b.d.I.d.b.d.f.d._.d.^.d.(.d.b.d.^.d.b.d.b.d...d...d._.d._.d...d...d.P.d.0.d.b.d.b.d.P.d.u.d.c.d.^.d._.d.q.d._.d.d.d.b.d._.d._.d.b.d.a.d.b.d.a.d.b.d...d...d.^.d.^.d.`.d.[.d...d...d.$.d.p.d...d...d.^.d._.d.T.d...d.b.d.b.d.b.d.i.d.d.d...d...d...d.7.d.^.d.X.d.].d.).d.l.d.l.d.b.d.b.d.,.d.,.d.b.d.b.d...d...d...d.7.d.b.d.1.d.b.d.b.d...d...d...d...d...d.A.d...d...d.(.d.`.d...d...d.^.d.r.d.f.d.,.d.b.d...d.b.d._.d.q.d...d...d.b.d.b.d.b.d.b.d...d.r.d.I.d._.d.b.d.b.d.b.d.V.d.Z.d.b.d
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\55a804ab-e5c6-4b97-9319-86263d365d28[1].json
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:ASCII text, with very long lines, with no line terminators
                                        Category:downloaded
                                        Size (bytes):2889
                                        Entropy (8bit):4.775421414976267
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1B9097304D51E69C8FF1CE714544A33B
                                        SHA1:3D514A68D6949659FA28975B9A65C5F7DA2137C3
                                        SHA-256:9B691ECE6BABE8B1C3DE01AEB838A428091089F93D38BDD80E224B8C06B88438
                                        SHA-512:C4EE34BBF3BF66382C84729E1B491BF9990C59F6FF29B958BD9F47C25C91F12B3D1977483CD42B9BD2A31F588E251812E56CBCD3AEE166DDF5AD99A27B4DF02C
                                        Malicious:false
                                        IE Cache URL:https://www.msn.com/_h/e012d846/webcore/externalscripts/oneTrustV2/consent/55a804ab-e5c6-4b97-9319-86263d365d28/55a804ab-e5c6-4b97-9319-86263d365d28.json
                                        Preview: {"CookieSPAEnabled":false,"MultiVariantTestingEnabled":false,"UseV2":true,"MobileSDK":false,"SkipGeolocation":false,"ScriptType":"LOCAL","Version":"6.4.0","OptanonDataJSON":"55a804ab-e5c6-4b97-9319-86263d365d28","GeolocationUrl":"https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location","RuleSet":[{"Id":"6f0cca92-2dda-4588-a757-0e009f333603","Name":"Global","Countries":["pr","ps","pw","py","qa","ad","ae","af","ag","ai","al","am","ao","aq","ar","as","au","aw","az","ba","bb","rs","bd","ru","bf","rw","bh","bi","bj","bl","bm","bn","bo","sa","bq","sb","sc","br","bs","sd","bt","sg","bv","sh","bw","by","sj","bz","sl","sn","so","ca","sr","ss","cc","st","cd","sv","cf","cg","sx","ch","sy","ci","sz","ck","cl","cm","cn","co","tc","cr","td","cu","tf","tg","cv","th","cw","cx","tj","tk","tl","tm","tn","to","tr","tt","tv","tw","dj","tz","dm","do","ua","ug","dz","um","us","ec","eg","eh","uy","uz","va","er","vc","et","ve","vg","vi","vn","vu","fj","fk","fm","fo","wf","ga","ws","gd","ge","gg","gh
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\58-acd805-185735b[1].css
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:empty
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D41D8CD98F00B204E9800998ECF8427E
                                        SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                        SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                        SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                        Malicious:false
                                        Preview:
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\755f86[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):390
                                        Entropy (8bit):7.173321974089694
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D43625E0C97B3D1E78B90C664EF38AC7
                                        SHA1:27807FBFB316CF79C4293DF6BC3B3DE7F3CFC896
                                        SHA-256:EF651D3C65005CEE34513EBD2CD420B16D45F2611E9818738FDEBF33D1DA7246
                                        SHA-512:F2D153F11DC523E5F031B9AA16AA0AB1CCA8BB7267E8BF4FFECFBA333E1F42A044654762404AA135BD50BC7C01826AFA9B7B6F28C24FD797C4F609823FA457B1
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/hp-neu/sc/11/755f86.png
                                        Preview: .PNG........IHDR..............w=....MIDATH.c...?.6`hhx.......??........g.&hbb....... .R.R.K...x<..w..#!......O ....C..F___x2.....?...y..srr2...1011102.F.(.......Wp1qqq...6mbD..H....=.bt.....,.>}b.....r9........0.../_.DQ....Fj..m....e.2{..+..t~*...z.Els..NK.Z.............e....OJ.... |..UF.>8[....=...;/.............0.....v...n.bd....9.<.Z.t0......T..A...&....[......IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\85-0f8009-68ddb2ab[1].js
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:empty
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D41D8CD98F00B204E9800998ECF8427E
                                        SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                        SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                        SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                        Malicious:false
                                        Preview:
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\AAuTnto[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):801
                                        Entropy (8bit):7.591962750491311
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BB8DFFDE8ED5C13A132E4BD04827F90B
                                        SHA1:F86D85A9866664FC1B355F2EC5D6FCB54404663A
                                        SHA-256:D2AAD0826D78F031D528725FDFC71C1DBAA21B7E3CCEEAA4E7EEFA7AA0A04B26
                                        SHA-512:7F2836EA8699B4AFC267E85A5889FB449B4C629979807F8CBAD0DDED7413D4CD1DBD3F31D972609C6CF7F74AF86A8F8DDFE10A6C4C1B1054222250597930555F
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAuTnto.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs.................IDAT8O].[H.a...s..k.x..$....L...A.(T.Y....S$T....E.J.EO.(=..RB^..{..4..M...^f/3.o..?,..|...9.s>...E.]rhj2.4....G.T"..!r.Th.....B..s.o.!...S...bT.81.y.Y....o...O.?.Z..v..........#h*;.E........)p.<.....'.7.*{.;.....p8...:.. ).O..c!.........5...KS..1....08..T..K..WB.Ww.V....=.)A.....sZ..m..e..NYW...E... Z].8Vt...ed.m..u......|@...W...X.d...DR..........007J.q..T.V./..2&Wgq..pB..D....+...N.@e.......i..:.L...%....K..d..R..........N.V........$.......7..3.....a..3.1...T.`.]...T{.......).....Q7JUUlD....Y....$czVZ.H..SW$.C......a...^T......C..(.;]|,.2..;.......p..#.e..7....<..Q...}..G.WL,v.eR...Y..y.`>.R.L..6hm.&,...5....u..[$_.t1.f...p..( .."Fw.I...'.....%4M..._....[.......IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB17milU[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):627
                                        Entropy (8bit):7.4822519699232695
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:DDE867EA1D9D8587449D8FA9CBA6CB71
                                        SHA1:1A8B95E13686068DD73FDCDD8D9B48C640A310C4
                                        SHA-256:3D5AD319A63BCC4CD963BDDCF0E6A629A40CC45A9FB14DEFBB3F85A17FCC20B2
                                        SHA-512:83E4858E9B90B4214CDA0478C7A413123402AD53C1539F101A094B24C529FB9BFF279EEFC170DA2F1EE687FEF1BC97714A26F30719F271F12B8A5FA401732847
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17milU.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs.................IDAT8O.S.KTQ...yj..tTZ..VA.r.B*A.rYA.FY...V..""*(.Jh.E -,..j......?.z..{:...8.....{s....q.A. HS....x>......Rp.<.B.&....b...TT....@..x....8.t..c.q.q.].d.'v.G...8.c.[..ex.vg......x}..A7G...R.H..T...g.~..............0....H~,.2y...)...G..0tk..{.."f~h.G..#?2......}]4/..54...]6A. Iik...x-T.;u..5h._+.j.....{.e.,........#....;...Q>w...!.....A..t<../>...s.....ha...g.|Y...9[.....:..........1....c.:.7l....|._.o..H.Woh."dW..).D.&O1.XZ"I......y.5..>..j..7..z..3....M|..W...2....q.8.3.......~}89........G.+.......IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1bvSqD[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 622x368, frames 3
                                        Category:downloaded
                                        Size (bytes):34573
                                        Entropy (8bit):7.951456352618893
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B44ED790C29AF03210FD637289BD37CE
                                        SHA1:91541AF319D7590E615DA81D69E79DB3CA9BF824
                                        SHA-256:0B31348F048B56E1864323EF069EC5AB1280BD7A53C466A63C6A424C4A0489BF
                                        SHA-512:1AF639B437928E8CF95E851D391FF3F04F3D06F043540DD411E1150472089796DFE778B78C5D084890AF56EF6E389107D6EACC3005C964B8CEF1511EEFA411F9
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1bvSqD.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg&x=650&y=600
                                        Preview: ......JFIF.....H.H.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...?8.E?.].7.u.......\g<-J.4......N.X....V....T..nF.M...'.m"=.-...OPW...p.bG,.....^..@....R)......Q0b6D.@.Aa0......*@.u.....)&.b.H.R,...N..(.p.w>W.~5..!...)1.Hr....&..Q...+..M.u5...!.y.`};Qq...w.N.&........C.EP..-.Iw%.-,^c......ox..P.e^A.u.......i.T.Y.O.:.q.c...=....v..O-.a./^z.W%...x..t..H..#w......-.Y...3....4...s..}.du.8..V...Cd.1.w.R..s..,`..}..P......;..PH.h
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1cEAUp[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 622x368, frames 3
                                        Category:downloaded
                                        Size (bytes):30945
                                        Entropy (8bit):7.965777819597918
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:44A18658C601989D66F63DDC9B82AB76
                                        SHA1:1A4642B218D7AA7503C23F311CB342D9AAAFDD00
                                        SHA-256:23A076A45A2B93E3F78FC80C39C7D69799405F44BB8FEB4A92C91A88F2AECC3A
                                        SHA-512:CAFC479733B00F0BA6583BB35C31DA9CFF3495CA52956E81AD92DA18EEB1E2441E0EFAFF7E69CC4824F3B6B26E1F703A6D1E58E0A5CD9D78D981712668ADD8A4
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cEAUp.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.....H.H.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..(....cqh.&h...h.&h..(4....1...34..1A.f.KH.4.SI@..4.h.h.....f.....j..kWQ..d..H?.d/....6%..9..JMf.4#9Q.c\.S.e'....t1..`./.S.........t..5.....@.u.B)..Hjc....+.h....Z.@$^...Vv.....[.r..H.#.#&.q........qP.g.pGCLg`....-..%*I84.vc.....H'p....N...;`....1....jo.A.]...........F.Yv f.H..V..K%. 7~.].....@q......lv.....p..1.&..%..E.#...b.7I ...JE.e...?.f.`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1dCSOZ[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):403
                                        Entropy (8bit):7.182669559509179
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5F25361D8730566E8A8C453E8CC1339D
                                        SHA1:CD0C5A8D20810511C42D2EB37381EA9213568EDD
                                        SHA-256:7763287F5905D00A46BF4760FCF6C19E5BB0F234776BCAD174754BFBE304CF58
                                        SHA-512:DE8E82683A01745DD19C2AD25A7653B4AE356ED6278147019F0D1557DB0A689465FF70F7D927041BFA96D2A1C5F3F84DB24C1559E3CF7AB6D29D6B6BFDBC4707
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dCSOZ.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........+.....(IDAT8O.R...@.=._.^..#.R....)..%.`...|A@.....!..lC.&...:.&...]...{8;3.........1....QUUL&..e.].9......u]..v..q.<.O....].}W@D..v.l6..q..4....9...m.X..X,.....{a.(..:...y..a.g.(..t"..K.D....`.~a.bl.[$I..H..........q............dYF.2f...(.^.r}..>.,.z..j..x<F..o... ....-.h4......i.|..5....k.....p........IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1dI7Wd[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 622x368, frames 3
                                        Category:downloaded
                                        Size (bytes):11952
                                        Entropy (8bit):7.710699731399294
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:EB3523325D471A23A5334A7228DE342F
                                        SHA1:E16532827F9914137B1720BE54066CF8EFF3A446
                                        SHA-256:F326D77639E23D9D0A43E354B654D20310A4654A62B67808890756DDC0F7D298
                                        SHA-512:A246CBCD24A004E3F425FD25C51E5D797730B7D290E1BDEFA4A4492B224AD95F13431942A9E41D52E705E78A3F3DDC6FDE65805810C07F57916802217EB1D877
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dI7Wd.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..z(....JZ.(...)i)h...(..QE......QE-......R.F+[.q.uDV.............4..M.{/.h.%........{..t].@.~U.....l...#...v5...U.sI#..%vw's..{.w..*j...X....Ov.Ek4N...cG.J......5GE.$V].>.8oZ..t$G/.....=*..g..I.nr...[..A..-.#.p.N...S.c.k.....&.t..J...Oi.U}k69.w.l...V.r.f.|..5I&.0j.>x..C...'QR.JR...oc:h.s.j6@.W&N.W8b.f.78O.i.g..q..S......z..k...(....6.....KyG......N.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1dJEKj[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
                                        Category:downloaded
                                        Size (bytes):2257
                                        Entropy (8bit):7.7906843941623105
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:29F275F30EA6F35CC011D8B1D8516938
                                        SHA1:160AD1482C0963890CA653FDBA1522DC1A77C7C5
                                        SHA-256:E33CC2F2DF23966BDFF908CFB12663D873F066942D68457A4454247651EE6D43
                                        SHA-512:58E15A79732BD8F91AF229A958295FC4B8BBD596D92BB78FB020FD39F72AEE3D8EC120FDC46BE26A4F654301D90DAB4166E6F772F91D42A4F798A456DEB9254D
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJEKj.img?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg&x=615&y=373
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K.d.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..D-.R.j.L...j`*......u....h.b.v6..-7O..;...\..e#.#.....I......._...,......9.I..-..m.Ps..H.1.{..g..i.2.;W....>.P.g.9....4.s....3.9".+7.....+.....2..j.c.......3.S..a{.;.....$.........H.km....a....j.n....<....w..\....pt]....hQy.B..jZ9.ua.<.*]q..b:b..<.V8..&y...2...U......4W.c......7..2....3X.@....D.4.....\......i...y.I......l.0.&r>.'.....Go6.....~'.fI.;9Xc
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1dJUzm[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 206x250, frames 3
                                        Category:downloaded
                                        Size (bytes):12389
                                        Entropy (8bit):7.952517074065751
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C3B3BAAAEE78CC71E5F191027164943C
                                        SHA1:11766C64768608961E2D7443493A5DFE2D884B1E
                                        SHA-256:4D1B0DF91B6311D9D2428AA9F6184C5CD5DA4766E4A3504A4118A95DCF96E13D
                                        SHA-512:B6AD57827BCCA5E0987349AD1F463AC716AB6961C58932909EC6926A4E38F3C9677DDC50A1A7E0494EEC8465FD05F72BE31FC28EBC0D42B266CE682BDC4370E1
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJUzm.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=706&y=68
                                        Preview: ......JFIF.....,.,.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....&.^..oj....7<.J.n...pF*..AA...../.6....<du....Lr0[......5.B~u$...f..-..v........"........O|R.`*.fX>Fr....ii..%'....|.u..5...`{U.k..8f6r.2...H.A.zCDW...v..O..........Nzb.]}..i...I...X.R. `._z....1.@..uI..Z....c.jB.'..:b%.?Z.$@...PK......P....M'.....V.bk8V...o.......8....%#^..M...~.h.00r.9.H..b..D....z.....S...MF..t....T..H.........tR.M...].c1${q..V>.lV....9
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1dJcy4[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                        Category:downloaded
                                        Size (bytes):21116
                                        Entropy (8bit):7.9666462092492285
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:582C4CF08B611E52E4A4494F3B904EAF
                                        SHA1:950D944C02315689F9991B6AEA3D7229A0D742B9
                                        SHA-256:EA53AF3DCA0444E43AE3B0D57DC34E25E492AF1FCE9A83F68DC9BFC5C5057109
                                        SHA-512:DBAE945F1CF5705A9A23408875879228594180EA2E5AF4B937D02A16D7D8D2C68FBC130F703B25EBFC23E7493CC6905F2E26FA9571A05935B76F4E2D01DF415A
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJcy4.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg&x=1287&y=1237
                                        Preview: ......JFIF.....`.`.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..T.UhU.Uj.4%;e<-8- "..8*...g.......P3'E{.....2..n....J..E.....[C,.....H...R...m..Rm..........W..+.Dt?.&.z..8...;....1.[...H.....(!..4.)......`<.Pj:\."PisQn...S.7.=h....Y'......\*.:.x4...H.?...^........G..=........o.. &bJ.u...)...Z..5..)......VQ..T..b.IJ..@.j.[h...[.T1.v~}..H....L.DOls.}EM..r.>..5Z{5..?..C@....w/J.cW$.k|......Rf.s.C.4RQL.*.*..c=2..l.eH<.%}..T.'^.i
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1dJodm[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
                                        Category:downloaded
                                        Size (bytes):5872
                                        Entropy (8bit):7.896288541589918
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:31C169DA3D4A458B5DE5F52731CA9F04
                                        SHA1:DD68FE6C71D04E7843CA8BD835F0CDBFAA509C6D
                                        SHA-256:FFA679470095573ED2669503D33C6567CC3E3DD865F76C6065757017DCCA3F2F
                                        SHA-512:3D47FF239CCAA5CDEAE87BFE255D9CAE4ED94457773C6F3140EB6774FD2019587555CF0CFE10E3E4C00D013A3AC9C859821D2812CF4737BC8D1620883AE56746
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJodm.img?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.....`.`.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........6.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..D=....'jb.......Yg...Z.r.w...+.....G..?.#...&.$..."UTQ.P0..*UW.O.(.U..+.(...^..._j.P..x.......mB=C..6.YT.z...........y.Y.Ykw.Q.+C...j..H....zqd......(..2]..3.YV.BD.r...6~aQ.u5........*.a5...ywn.G....)+#_...{..Lr6..W..#.;W5.Ha.W...-.B...z..U.L.....V...lnH.O.`........w-.\......"..BjA...k..)..F.3.L...L...x.P....t.=ii.&...*9.t.J...H.b.I".|v.4"X.RQLB.1.h....i@
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1dJwMH[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 622x368, frames 3
                                        Category:downloaded
                                        Size (bytes):17840
                                        Entropy (8bit):7.926648309582621
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3D9D250A5B092741BDB5FFEA026F0B24
                                        SHA1:ADAD69D5CBF2434CC80242419387F6625517CAEC
                                        SHA-256:95E67A44B42B0BE7A72102CAA6D78FB90DB1919316F000C4B8B8B19E24A9E29A
                                        SHA-512:AA713F4CAD254EB9065B02B2E573E25F59A380C59CFA17A224059C2F6C1E7AF6A2975949E8783485BDEFA94DC379CF4496C624B4D76EF4AD9FF003BE903266EB
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJwMH.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg&x=461&y=303
                                        Preview: ......JFIF.....,.,.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..1KH.:..RR.S...-..(.....)E.-...HdmPIS.B... 4.Hz.$1..(...TN*cL".J....*b).k.t.m....v.-(Z!J..5V..(..WLU..bb.)h.Q"b..Q.(..O..SM>..X....v>.0...J+.'8.QE1.z.|)..+&.....6...c..d.p..z..6....T...I._J6.E.S...AOz:....;....XZq...uQ..1..,Dp.v3T....f.Q.2j....4...q..`%%-%1.zUi..e.UI...(Hr.,]*...4U....X..U.j.u.....d..=.2..R.JZ@Y..MPE..d.E-%.........b..F)i(....6.1.4.).i..y..@.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1dK7lN[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
                                        Category:downloaded
                                        Size (bytes):11566
                                        Entropy (8bit):7.943559683756065
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:315843F5AB5AB4887DEFA38662FC64E8
                                        SHA1:E454D2353351CF49FAF147D4FA70B9C49977E32C
                                        SHA-256:CC358ADFFD7003F80DBC75A4B2AA7BBC6100008E1F26FBFAA4819259F69E3EBE
                                        SHA-512:318F08F207182014500D3CA96225464ECF1E42174CD9CC377596F2E2E6451324CC90A842553B124949A0AB72F8BEC6B47CC6770061F134381498F3725C0D2432
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dK7lN.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg&x=550&y=314
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....N......c..=.*.(Y~cIuc..X.5.]...N....TZ.% e....V.......ob..0Gl[.m..G5^......@x&.[..gca...@;w..e_.....F...V.p2G...V+.....f.og.....Y......%.h.r.....8l.u...c..1.v~..X..g...`.F..Ch.d.b...C05..Y.K.}...O,........Mw.)lX...LG39.v.r)..........RZ.4..)....{.l..]t`......e.+.Z..#..(...U..*....R[..5..&*....j}D.%b.S^...t.e.6.&.... ..o3F......T".CS(.......Q5..m.3O7Q..Vve..S.h.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1dKeNs[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
                                        Category:downloaded
                                        Size (bytes):14457
                                        Entropy (8bit):7.928677754200096
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:440F6C0169A22B6DB9281414EA76D9B3
                                        SHA1:BE5B1082AF7CDFFC07FB2B6740E5E42B64BCD6B8
                                        SHA-256:1DBBA91D0AC93BCD1FF2F91C783439E905ECC155B50CC35E268CF8BD6E1114CF
                                        SHA-512:D51C658E760118834BEEC75886043685EC07B9C87F02C51A30C800B30967FA4216F6033DA26D76AD6DCD21BEA53623329BB794E079A58114C19C52028BD94CB1
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dKeNs.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....Z..1(....)h......(.....Z(.(..)h.(.....Z(.(.....Z(.?Z..g.....8....j7.$}A.......n..j.B_.r....RzX..V....]....`R?.}...G..q..o21..y.D.vi..............eJ7..n.m....s.%-...R.P.QKE.%.....R.@.E.P...E..R.@..R..QKE..QK@.E-...R.@.KGp;.....T0....i]l...(..E.P.E.P.e.'?.....T. A&N>SW.U+.ci.sb:.R:+.E.Q.\.......9>.....n.....UO...)q].8.S.98.O.N.L.....4..fGB.f...N....:u..._R*...[
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBIbTiS[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):820
                                        Entropy (8bit):7.627366937598049
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9B7529DFB9B4E591338CBD595AD12FF7
                                        SHA1:0A127FA2778A1717D86358F59D9903836FCC602E
                                        SHA-256:F1A3EA0DF6939526DA1A6972FBFF8844C9AD8006DE61DD98A1D8A2FB52E1A25D
                                        SHA-512:4154EC25031ED6BD2A8473F3C3A3A92553853AD4DEFBD89DC4DD72546D8ACAF8369F0B63A91E66DC1665CE47EE58D9FDD2C4EEFCC61BF13C87402972811AB527
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBIbTiS.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs.................IDAT8O.S.K.Q....m.[.L\.,%I*..S......^.^.z..^..{..-.Bz.....MA+...........{W....p.9..;.s....^..z..!...+..#....3.P..p.z5.~..x>.D.].h.~m..Z..c.5..n..w...S."..U.....X.o...;}.f..:.}]`..<S...7.P{k..T.*....K.._.E..%x.?eRp..{.....9.......,,..L.......... .......})..._ TM)..Z.mdQ.......sY .q..,.T1.y.,lJ.y...'?...H..Y...SB..2..b.v.ELp....~.u.S...."8..x1{O....U..Q...._.aO.KV.D\..H..G..#..G.@.u.......3...'...sXc.2s.D.B...^z....I....y...E..v.l.M0.&k`.g....C.`..*..Q..L.6.O&`.t@..|..7.$Zq...J.. X..ib?,.;&.....?..q.Q.,Bq.&......:#O....o..5.A.K..<..'.+.z...V...&. .......r...4t.......g......B.+-..L3....;ng>..}(.....y.....PP.-.q.....TB........|HR..w..-....F.....p...3.,..x..q..O..D......)..Vd.....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBK9Hzy[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):541
                                        Entropy (8bit):7.367354185122177
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4F50C6271B3DF24A75AD8E9822453DA3
                                        SHA1:F8987C61D1C2D2EC12D23439802D47D43FED3BDF
                                        SHA-256:9AE6A4C5EF55043F07D888AB192D82BB95D38FA54BB3D41F701863239E16E21C
                                        SHA-512:AFA483EAFEAF31530487039FB1727B819D4E61E54C395BA9553C721FB83C3B16EDF88E60853387A4920AB8F7DFAD704D1B6D4C12CDC302BE05427FC90E7FACC8
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBK9Hzy.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs.................IDAT8O.Q.K[A...M^L../+....`4..x.GAiQb..E<..A.x..'!.P(-..x....`.,...D.)............ov..Yx.`_.4...@._ .r...w.$.H....W...........mj."...IR~f...J..D.|q.......~.<....<.I(t.q.....t...0.....h,.1.......\.1.........m......+.zB..C.....^.u:.....j.o*..j....\../eH.,......}...d-<!t.\.>..X.y.W....evg.Jho..=w*.*Y...n.@.....e.X.z.G.........(4.H...P.L.:".%tls....jq..5....<.)~....x...]u(..o./H.....Hvf....*E.D.).......j/j.=]......Z.<Z....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBUE92F[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):708
                                        Entropy (8bit):7.5635226749074205
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:770E05618413895818A5CE7582D88CBA
                                        SHA1:EF83CE65E53166056B644FFC13AF981B64C71617
                                        SHA-256:EEC4AB26140F5AEA299E1D5D5F0181DDC6B4AC2B2B54A7EE9E7BA6E0A4B4667D
                                        SHA-512:B01D7D84339D5E1B3958E82F7679AFD784CE1323938ECA7C313826A72F0E4EE92BD98691F30B735A6544543107B5F5944308764B45DB8DE06BE699CA51FF7653
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBUE92F.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs...%...%.IR$....YIDAT8OM..LA...~..."".q...X........+"q@...A...&H..H...D.6..p.X".......z.d.f*......rg.?.....v7.....\.{eE..LB.rq.v.J.:*tv...w.....g../.ou.]7........B..{..|.S.......^....y......c.T.L...(.dA..9.}.....5w.N......>z.<..:.wq.-......T..w.8-.>P...Ke....!7L......I...?.mq.t....?..'.(....'j.......L<)L%........^..<..=M...rR.A4..gh...iX@co..I2....`9}...E.O.i?..j5.|$.m..-5....Z.bl...E......'MX[.M.....s...e..7..u<L.k.@c......k..zzV....O..........e.,.5.+%.,,........!.....y;..d.mK..v.J.C..0G:w...O.N...........J....|....b:L=...f:@6T[...F..t......x.....F.w..3....@.>.......!..bF.V..?u.b&q.......IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\checksync[1].htm
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:empty
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D41D8CD98F00B204E9800998ECF8427E
                                        SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                        SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                        SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                        Malicious:false
                                        Preview:
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\checksync[2].htm
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:empty
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D41D8CD98F00B204E9800998ECF8427E
                                        SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                        SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                        SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                        Malicious:false
                                        Preview:
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\de-ch[1].htm
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:empty
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D41D8CD98F00B204E9800998ECF8427E
                                        SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                        SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                        SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                        Malicious:false
                                        Preview:
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\f489d89a-0e50-4a68-82ea-aa78359a514f[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
                                        Category:downloaded
                                        Size (bytes):71729
                                        Entropy (8bit):7.978138681966507
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CF11BAF2E1D8672BBE46055C034BAE56
                                        SHA1:7305B5298E7EFE304F11C4531A58D40ECD4EA99D
                                        SHA-256:2F7B151005B4E02B04116E540BE590E8C838B5CFE947358993DE63880520D10E
                                        SHA-512:646219C6D6FDDDDE4FD6B00B98C3EA10E33A182A39852011CAA2CBDADB2FAB4517950E3F6E972119435B4C18A823F6F1B38E74B6EC19F9ACF49D1EDB7096111D
                                        Malicious:false
                                        IE Cache URL:https://cvision.media.net/new/300x300/2/99/84/174/f489d89a-0e50-4a68-82ea-aa78359a514f.jpg?v=9
                                        Preview: ......JFIF.............C....................................................................C.......................................................................,.,.."...........................................J...........................!..1A."Qa.q..#2...B....$3R...%.Cb.4Scr.&st.....................................B........................!.1.."AQa..#q..2....B..$3b...4R.r...%CSc............?..6t....../..b....~.c.r....f.,......si.~NV...wKD..7...O0..).tm..c..:.]Ff.Q.....Fr.wT...X..;......dn...s.y....by..2G......`J!T.):....c.....~!.D.c).9B[.$7.......$xNF..jfLW"D.a..MR.^H..,u<.h..:. ...eV...%..AT...S ..`.o.Y.U...%}..I.G...w/....$........X.........SI#......".)..T^..f.0.+......W.....zT.]x.*.eIl.h.$..p.).,.1E...CCi....(3.ZY8S........x.....Q..)bw..u..4M...]..5..4....r."..(.T}.K.wf.w.*.0...nc....~.6.\.~P.*.$x....J.4/....!d. .D.s..9...fa..D.8x.....a..6.*...t`.T.u...9..IO.*..%.I...FQ'G..._./,`.....LF....+,L.B.d.$a}[A..O...>.D>.. dVc5~....5.@.....C..a..6..m...N........
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\fcmain[1].js
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:empty
                                        Category:downloaded
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D41D8CD98F00B204E9800998ECF8427E
                                        SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                        SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                        SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                        Malicious:false
                                        IE Cache URL:https://contextual.media.net/803288796/fcmain.js?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&crid=722878611&size=306x271&cc=CH&https=1&vif=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&nse=5&vi=1613537159534059137&ugd=4&rtbs=1&nb=1&cb=window._mNDetails.initAd
                                        Preview:
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\http___cdn.taboola.com_libtrc_static_thumbnails_3e4db03aeb27326fa409d0201601c66d[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                        Category:downloaded
                                        Size (bytes):10928
                                        Entropy (8bit):7.956030588292682
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0C1A16B7BE63A652982673F6557DC826
                                        SHA1:57270462703461486071ABBA8C09E0A4D763AC81
                                        SHA-256:708CCCB9C1594400AC6F3AD998B498A9EEDCC50A8A6194EA633C9DC6D656B139
                                        SHA-512:2D0937F8E4547A895BAFACF1644CC7F465F5D081BF4B600ABDC8C7A275E69B335A0A4C5452DFFBE1CB1A8F6C62FFEB2D1CFF672755764F3B3274A0140E47842F
                                        Malicious:false
                                        IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F3e4db03aeb27326fa409d0201601c66d.jpg
                                        Preview: ......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C.......)..)W:1:WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW......7.....................................................................................oCk..9\..`. v..../D.Hs5 .4..Vu=@..1..g.A.....Y.....HV5cN....jy..k..........b.@..8...K........N..&...\.N:..WT.0..I..q8z.4...&fP...5|..p.51J...).....(>.Q.\...e....(.L..k...v.Q..5...F.jL..A.....z.@u.....[+....AhG*......c.......VR.&a.x\..d......}...:......4.2.A..3N;B.Z1...\.T....8..^....v.]...R.o.;.1....}..7VE....2.....V.&;P...9.R]>....UY.zn6...Ej........(Md....JBMX........T...>.%.^.1.af.w..Y.M.ft.......*.a....Rc..9..jj.N~....Nl..BW;f.......O...g-..PY.f...6...@..k..|.u....E.N.>.m\.1..@...C.(-r..D.".C..f....y.*Y..K.S=-3.. @.......:.....xsb.Z.;.^.3{..<.<...Y\...........4.. .BZ.d.....}W..yG..~..`o.w.\.$.. @.....VcQ...A@.Z....Kx.;9#k.5..G.1...... @.`.>Z..OK.i#..'..O....i...w........... .8.....A.....?...f...,Zg.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\log[1].gif
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:empty
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D41D8CD98F00B204E9800998ECF8427E
                                        SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                        SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                        SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                        Malicious:false
                                        Preview:
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\medianet[1].htm
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:HTML document, ASCII text, with very long lines
                                        Category:downloaded
                                        Size (bytes):384619
                                        Entropy (8bit):5.484064308708373
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:019B16E52276284EEEB6AA4BAADF329A
                                        SHA1:FF8CC4245C27205160169D951DBD882839D1408E
                                        SHA-256:20532F04E8CBCEE749A63C756751686FE0EF5A13118C2A748C42EB592A38FEE6
                                        SHA-512:779DBA0108745DF899478590437F66B9FFBD3998503F2D5721170185D9C84C1738D7628B244CA251309C9BA8C7AA006B2FE19AAA27A285F315BA5CA84094FDC1
                                        Malicious:false
                                        IE Cache URL:https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
                                        Preview: <html>.<head></head>.<body style="margin: 0px; padding: 0px; background-color: transparent;">.<script language="javascript" type="text/javascript">window.mnjs=window.mnjs||{},window.mnjs.ERP=window.mnjs.ERP||function(){"use strict";for(var a="",l="",c="",f={},u=encodeURIComponent(navigator.userAgent),g=[],e=0;e<3;e++)g[e]=[];function m(e){void 0===e.logLevel&&(e={logLevel:3,errorVal:e}),3<=e.logLevel&&g[e.logLevel-1].push(e)}function n(){var e=0;for(s=0;s<3;s++)e+=g[s].length;if(0!==e){for(var n,o=new Image,t=f.lurl||"https://lg3-a.akamaihd.net/nerrping.php",r="",i=0,s=2;0<=s;s--){for(e=g[s].length,0;0<e;){if(n=1===s?g[s][0]:{logLevel:g[s][0].logLevel,errorVal:{name:g[s][0].errorVal.name,type:a,svr:l,servname:c,message:g[s][0].errorVal.message,line:g[s][0].errorVal.lineNumber,description:g[s][0].errorVal.description,stack:g[s][0].errorVal.stack}},n=n,!((n="object"!=typeof JSON||"function"!=typeof JSON.stringify?"JSON IS NOT SUPPORTED":JSON.stringify(n)).length+r.length<=1
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\medianet[2].htm
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:HTML document, ASCII text, with very long lines
                                        Category:downloaded
                                        Size (bytes):384618
                                        Entropy (8bit):5.484078331973664
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D6FC9B0B03BD03839B80DC197425E6CE
                                        SHA1:DB39C07A5F2CF0195877C18284D6DEA228D946C9
                                        SHA-256:AEA17A24CA5420A59B76D23F5F0786CEE236D072D9AAFF67D911B837D464E5C5
                                        SHA-512:767E1B0D7C4AD0FB9954F6C0A85C1296427583A998C9AB7EC471EBDC32D0443BD30351FB6EAA6459934440B87ACEF03E8C49033A346BE6BA1D672ED3EED3A420
                                        Malicious:false
                                        IE Cache URL:https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
                                        Preview: <html>.<head></head>.<body style="margin: 0px; padding: 0px; background-color: transparent;">.<script language="javascript" type="text/javascript">window.mnjs=window.mnjs||{},window.mnjs.ERP=window.mnjs.ERP||function(){"use strict";for(var a="",l="",c="",f={},u=encodeURIComponent(navigator.userAgent),g=[],e=0;e<3;e++)g[e]=[];function m(e){void 0===e.logLevel&&(e={logLevel:3,errorVal:e}),3<=e.logLevel&&g[e.logLevel-1].push(e)}function n(){var e=0;for(s=0;s<3;s++)e+=g[s].length;if(0!==e){for(var n,o=new Image,t=f.lurl||"https://lg3-a.akamaihd.net/nerrping.php",r="",i=0,s=2;0<=s;s--){for(e=g[s].length,0;0<e;){if(n=1===s?g[s][0]:{logLevel:g[s][0].logLevel,errorVal:{name:g[s][0].errorVal.name,type:a,svr:l,servname:c,message:g[s][0].errorVal.message,line:g[s][0].errorVal.lineNumber,description:g[s][0].errorVal.description,stack:g[s][0].errorVal.stack}},n=n,!((n="object"!=typeof JSON||"function"!=typeof JSON.stringify?"JSON IS NOT SUPPORTED":JSON.stringify(n)).length+r.length<=1
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\otBannerSdk[1].js
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:ASCII text, with very long lines, with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):353215
                                        Entropy (8bit):5.298793785430684
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9982BA07340077CE7240B75C6C6FCBB4
                                        SHA1:D776E39E13F151C5ED2F7E5761EDE13D9CC72D27
                                        SHA-256:87C99BCF98F3DA7D1429DAC8184E3212634B65706CE7740CE940D1553B57DAAA
                                        SHA-512:3EEB895128D38BBBE4FDE8CD71B4FC563C38FFA2F1BCBB3A323D280B4812B0B111DEC1D745BE8EE8F792F7977978FFF03BB00C795C3F5CAFE6E62B3EDF2E88FD
                                        Malicious:false
                                        IE Cache URL:https://www.msn.com/_h/e012d846/webcore/externalscripts/oneTrustV2/scripttemplates/6.4.0/otBannerSdk.js
                                        Preview: /** .. * onetrust-banner-sdk.. * v6.7.0.. * by OneTrust LLC.. * Copyright 2020 .. */..!function () { "use strict"; var o = function (e, t) { return (o = Object.setPrototypeOf || { __proto__: [] } instanceof Array && function (e, t) { e.__proto__ = t } || function (e, t) { for (var o in t) t.hasOwnProperty(o) && (e[o] = t[o]) })(e, t) }; var r = function () { return (r = Object.assign || function (e) { for (var t, o = 1, n = arguments.length; o < n; o++)for (var r in t = arguments[o]) Object.prototype.hasOwnProperty.call(t, r) && (e[r] = t[r]); return e }).apply(this, arguments) }; function l(s, i, a, l) { return new (a = a || Promise)(function (e, t) { function o(e) { try { r(l.next(e)) } catch (e) { t(e) } } function n(e) { try { r(l.throw(e)) } catch (e) { t(e) } } function r(t) { t.done ? e(t.value) : new a(function (e) { e(t.value) }).then(o, n) } r((l = l.apply(s, i || [])).next()) }) } function k(o, n) { var r, s, i, e, a = { label: 0, sent: function () { if (1 & i[0]) throw i[1]
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\otFlat[1].json
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:ASCII text, with very long lines, with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):12588
                                        Entropy (8bit):5.376121346695897
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AF6480CC2AD894E536028F3FDB3633D7
                                        SHA1:EA42290413E2E9E0B2647284C4BC03742C9F9048
                                        SHA-256:CA4F7CE0B724E12425B84184E4F5B554F10F642EE7C4BE4D58468D8DED312183
                                        SHA-512:A970B401FE569BF10288E1BCDAA1AF163E827258ED0D7C60E25E2D095C6A5363ECAE37505316CF22716D02C180CB13995FA808000A5BD462252F872197F4CE9B
                                        Malicious:false
                                        IE Cache URL:https://www.msn.com/_h/e012d846/webcore/externalscripts/oneTrustV2/scripttemplates/6.4.0/assets/otFlat.json
                                        Preview: .. {.. "name": "otFlat",.. "html": "PGRpdiBpZD0ib25ldHJ1c3QtYmFubmVyLXNkayIgY2xhc3M9Im90RmxhdCI+PGRpdiBjbGFzcz0ib3Qtc2RrLWNvbnRhaW5lciI+PGRpdiBjbGFzcz0ib3Qtc2RrLXJvdyI+PGRpdiBpZD0ib25ldHJ1c3QtZ3JvdXAtY29udGFpbmVyIiBjbGFzcz0ib3Qtc2RrLWVpZ2h0IG90LXNkay1jb2x1bW5zIj48ZGl2IGNsYXNzPSJiYW5uZXJfbG9nbyI+PC9kaXY+PGRpdiBpZD0ib25ldHJ1c3QtcG9saWN5Ij48aDMgaWQ9Im9uZXRydXN0LXBvbGljeS10aXRsZSI+VGhpcyBzaXRlIHVzZXMgY29va2llczwvaDM+PCEtLSBNb2JpbGUgQ2xvc2UgQnV0dG9uIC0tPjxkaXYgaWQ9Im9uZXRydXN0LWNsb3NlLWJ0bi1jb250YWluZXItbW9iaWxlIiBjbGFzcz0ib3QtaGlkZS1sYXJnZSI+PGJ1dHRvbiBjbGFzcz0ib25ldHJ1c3QtY2xvc2UtYnRuLWhhbmRsZXIgb25ldHJ1c3QtY2xvc2UtYnRuLXVpIGJhbm5lci1jbG9zZS1idXR0b24gb3QtbW9iaWxlIG90LWNsb3NlLWljb24iIGFyaWEtbGFiZWw9IkNsb3NlIEJhbm5lciIgdGFiaW5kZXg9IjAiPjwvYnV0dG9uPjwvZGl2PjwhLS0gTW9iaWxlIENsb3NlIEJ1dHRvbiBFTkQtLT48cCBpZD0ib25ldHJ1c3QtcG9saWN5LXRleHQiPldlIHVzZSBjb29raWVzIHRvIGltcHJvdmUgeW91ciBleHBlcmllbmNlLCB0byByZW1lbWJlciBsb2ctaW4gZGV0YWlscywgcHJvdmlkZSBzZWN1cmUgbG9
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\otPcCenter[1].json
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:ASCII text, with very long lines, with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):46394
                                        Entropy (8bit):5.58113620851811
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:145CAF593D1A355E3ECD5450B51B1527
                                        SHA1:18F98698FC79BA278C4853D0DF2AEE80F61E15A2
                                        SHA-256:0914915E9870A4ED422DB68057A450DF6923A0FA824B1BE11ACA75C99C2DA9C2
                                        SHA-512:D02D8D4F9C894ADAB8A0B476D223653F69273B6A8B0476980CD567B7D7C217495401326B14FCBE632DA67C0CB897C158AFCB7125179728A6B679B5F81CADEB59
                                        Malicious:false
                                        IE Cache URL:https://www.msn.com/_h/e012d846/webcore/externalscripts/oneTrustV2/scripttemplates/6.4.0/assets/v2/otPcCenter.json
                                        Preview: .. {.. "name": "otPcCenter",.. "html": "PGRpdiBpZD0ib25ldHJ1c3QtcGMtc2RrIiBjbGFzcz0ib3RQY0NlbnRlciBvdC1oaWRlIG90LWZhZGUtaW4iIGFyaWEtbW9kYWw9InRydWUiIHJvbGU9ImRpYWxvZyIgYXJpYS1sYWJlbGxlZGJ5PSJvdC1wYy10aXRsZSI+PCEtLSBDbG9zZSBCdXR0b24gLS0+PGRpdiBjbGFzcz0ib3QtcGMtaGVhZGVyIj48IS0tIExvZ28gVGFnIC0tPjxkaXYgY2xhc3M9Im90LXBjLWxvZ28iIHJvbGU9ImltZyIgYXJpYS1sYWJlbD0iQ29tcGFueSBMb2dvIj48L2Rpdj48YnV0dG9uIGlkPSJjbG9zZS1wYy1idG4taGFuZGxlciIgY2xhc3M9Im90LWNsb3NlLWljb24iIGFyaWEtbGFiZWw9IkNsb3NlIj48L2J1dHRvbj48L2Rpdj48IS0tIENsb3NlIEJ1dHRvbiAtLT48ZGl2IGlkPSJvdC1wYy1jb250ZW50IiBjbGFzcz0ib3QtcGMtc2Nyb2xsYmFyIj48aDMgaWQ9Im90LXBjLXRpdGxlIj5Zb3VyIFByaXZhY3k8L2gzPjxkaXYgaWQ9Im90LXBjLWRlc2MiPjwvZGl2PjxidXR0b24gaWQ9ImFjY2VwdC1yZWNvbW1lbmRlZC1idG4taGFuZGxlciI+QWxsb3cgYWxsPC9idXR0b24+PHNlY3Rpb24gY2xhc3M9Im90LXNkay1yb3cgb3QtY2F0LWdycCI+PGgzIGlkPSJvdC1jYXRlZ29yeS10aXRsZSI+TWFuYWdlIENvb2tpZSBQcmVmZXJlbmNlczwvaDM+PGRpdiBjbGFzcz0ib3QtcGxpLWhkciI+PHNwYW4gY2xhc3M9Im90LWxpLXRpdGxlIj5Db25zZW50PC9
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\AAJe2XO[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):374
                                        Entropy (8bit):6.8808872304188196
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:69DDCAEFFA926DB533C0A2E4BF65D37E
                                        SHA1:11A1E820FC2591CB8CE47D03D17E5F15B665FB4B
                                        SHA-256:1205BFCE5A14A893A343261C99616BA82D9AD65F6826CABF0113D085A3F74869
                                        SHA-512:ACB30D5345A6EB4B7CF730A1BF3AAABD42C98CF91C11F654B2EE8231B799115614629E75616C9F8E2D80B8A4CD68FA088C6B73A9102110E388336F7DC425F554
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAJe2XO.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8Ocd....@.`..d......;+....-.777...._...2.;u..=.F...................j.6.}.M.G..08Y.AU!.V/....L......##..[.xxx.*.r....0........z.?j..e......s/0...l..k...#C..'CVr,Ce]3C...P...k......o.......1y.._ .....#P.....V...N..x4..3.._.......he.p..#../_2.}......PYL0.3....=HLZ:.......IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\AAyuliQ[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):435
                                        Entropy (8bit):7.145242953183175
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D675AB16BA50C28F1D9D637BBEC7ECFF
                                        SHA1:C5420141C02C83C3B3A3D3CD0418D3BCEABB306A
                                        SHA-256:E11816F8F2BBC3DC8B2BE84323D6B781B654E80318DC8D02C35C8D7D81CB7848
                                        SHA-512:DA3C25D7C998F60291BF94F97A75DE6820C708AE2DF80279F3DA96CC0E647E0EB46E94E54EFFAC4F72BA027D8FB1E16E22FB17CF9AE3E069C2CA5A22F5CC74A4
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAyuliQ.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs................HIDAT8O.KK.Q.....v...me....H.}.D.............A$.=..=h.J..:..H...;qof?.M........?..gg.j*.X..`/e8.10...T......h..\?..7)q8.MB..u.-...?..G.p.O...0N.!.. .......M............hC.tVzD...+?....Wz}h...8.+<..T._..D.P.p&.0.v....+r8.tg..g .C..a18G...Q.I.=..V1......k...po.+D[^..3SJ.X..x...`..@4..j..1x'.h.V....3..48.{$BZW.z.>....w4~.`..m....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB116fUs[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):556
                                        Entropy (8bit):7.514850736634696
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E1151A6B9E3494661505A7075B34E9A0
                                        SHA1:DFF101BFF9F5CDD45F33C71C05867052FF6A191D
                                        SHA-256:ACB77C2049B5F2B4C225F5495B6F221B71BE5D5840CABFD87B32FD67E09FD78E
                                        SHA-512:0A775B517A5F4DB5B91D4AF90075A2A676110B73812D97ABBF67E14A4A0C2FF93DCAFED92C45237488831BE089BA0F27FD8EEF4CDA244E3036D23483F29EB0C2
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB116fUs.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O.S..`.../.5...m`./.UP.$..o{....z...z.h.......g..XO*..Z...E.....If..i.......y/..13....3.~.@..\...#%.....WjP.^j.5.p.A.V.+.J.. I..Z._{...R......n-.5D#.~...p...Q..4.u..+..~.A.Ydf..|..Q.>.$..}.;.%..H_[..r$.Y.tP...!..17A.8ln:"rYb.....n.).6.<yL.....[..'.....q..E.Y.<...O.ws..yT..j..?-......t*Lp.P.L..1.g..[.v.c..x6.........q.m.....n.......:\6..L.b..%L.j..].....P.....Xj@.l3P....(a.%...V...yI...`......r%$....q....]..N....\....`0............{....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB14EN7h[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3
                                        Category:downloaded
                                        Size (bytes):10663
                                        Entropy (8bit):7.715872615198635
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A1ED4EB0C8FE2739CE3CB55E84DBD10F
                                        SHA1:7A185F8FF5FF1EC11744B44C8D7F8152F03540D5
                                        SHA-256:17917B48CF2575A9EA5F845D8221BFBC2BA2C039B2F3916A3842ECF101758CCB
                                        SHA-512:232AE7AB9D6684CDF47E73FB15B0B87A32628BAEEA97709EA88A24B6594382D1DF957E739E7619EC8E8308D5912C4B896B329940D6947E74DCE7FC75D71C6842
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB14EN7h.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...E.(.Y....E.D....=h...<t.S......5i..9.. .:..".R..i...dt&..J..!...P..m&..5`VE..|..j.d...i..qL=x...4.S@..u.4.J.u.....Ju%.FEU..I.*.]#4.3@.6...yH...=..}.#....bx...1s...O.....7R....."U...........jY.'.L.0..ST.M.:t3...9...2.:.0$...V..A..w..o..T.Y#...=).K..+.....XV...n;......}.37.........:.!E.P.E%...RQ@.E%...RQ@.E%...RQ@.E%...RQ@.E%...RQ@.E%...RQ@.E%...RQ@.E%-...uE,.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB14hq0P[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3
                                        Category:downloaded
                                        Size (bytes):14112
                                        Entropy (8bit):7.839364256084609
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A654465EC3B994F316791CAFDE3F7E9C
                                        SHA1:694A7D7E3200C3B1521F5469A3D20049EE5B6765
                                        SHA-256:2A10D6E97830278A13CD51CA51EC01880CE8C44C4A69A027768218934690B102
                                        SHA-512:9D12A0F8D9844F7933AA2099E8C3D470AD5609E6542EC1825C7EEB64442E0CD47CDEE15810B23A9016C4CEB51B40594C5D54E47A092052CC5E3B3D7C52E9D607
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB14hq0P.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..ii(....(.h........Z(....JZ.)i(....(.......(.......(....J...+h...@....+...e.9...V..'."!.@....|......n...@My..w9;.5I...@....L..k...w2.'...M8)4..>.u9..5U.w9,M(....!E..!.[.5<v.?AV..s...VS....E5v........Q.^jwp*3&MJrf..J..|p...n .j..qW#.5w.)&.&..E^..*..."..T.......y.U.4.IK.sK.ooj.....Z..3j...".)..c..~... .RqL...lcym..R..gTa..a9.+....5-.W'.T@.N.8"...f.:....J.6.r.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB15AQNm[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3
                                        Category:downloaded
                                        Size (bytes):23518
                                        Entropy (8bit):7.93794948271159
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C701BB9A16E05B549DA89DF384ED874D
                                        SHA1:61F7574575B318BDBE0BADB5942387A65CAB213C
                                        SHA-256:445339480FB2AE6C73FF3A11F9F9F3902588BFB8093D5CC8EF60AF8EF9C43B35
                                        SHA-512:AD226B2FE4FF44BBBA00DFA6A7C572BD2433C3821161F03A811847B822BA4FC9F311AD1A16C5304ABE868B0FA1F548B8AEF988D87345AEB579B9F31A74D5BF3C
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB15AQNm.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg&x=868&y=379
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(...CKHh.........i.@.....i..lR2...MpR..^E....&EYv..N.j...e..j..U,..*..BZ...qQM.dT....@..8..s..i..}....n..D...i.....VC.HK"..T.iX.f.v&.}.v..7..jV.....jF.c..NhS.L.b>x".D...,..G.Z..!.i..VO..._4.@X.].p..].5b+...Uk...((@.s'..?Hv............\z.z.JGih..}*S.....T..WBZ...'.T?6..j.H"....*..%p3.YnEc.W.f.^......Q.....#..k..Z......I:..MC..H.S..#..Y ..A.Zr...T..H..P..[..b.C.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1CcOi[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):464
                                        Entropy (8bit):7.2494098422360915
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C4C7A51C01E16D1D03F0147EC628CA0E
                                        SHA1:428B31826761AE62D9F9BBBC67BAC3B73B38F7B1
                                        SHA-256:0845F028115F47C56A7172277D0F63F015A13E32E0702FBE8854433F08060CA8
                                        SHA-512:E2A31438C113DF318A284B9C547F7916FF6DBD94A3CB12141F5F291D6EFDB77D98BA9806DEEF2DC6DDF5E8390D04090AAB22AE55366F3FBCE52A4E4C2D7CDC32
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1CcOi.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........(J....eIDAT8O.S.J.@.=I.GE.M..T.....|.....UP.A......q.Bp.....Z|.-.`Sm..Ug&R..U.<p9...3w...vG.y...^......V.o@..?..(..iB... ..o.....2v|.13.8...eY.[..n.v.o.&.$...N.=.Jt...H....&.i......I...*.u...EQDfj.....'.HH....}....G~9...$IDZO.`...Z........n.8:>....~......%....4......nn.qU*.y=&.._\B.b(.U..*x..a..C.Q.a.Mxd.....F.A.....S(...I.......X.5...+Db....+...Ut..C.;X..Cl.R.....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1dIKXA[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 206x250, frames 3
                                        Category:downloaded
                                        Size (bytes):5915
                                        Entropy (8bit):7.8947171190975425
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:DEC8C56214BC821A355B6EDBC55A118C
                                        SHA1:0AA47ECC4DD75F7C15C5EABED18A37EFAED4439D
                                        SHA-256:75A5691E937F085BB864A7A92F585A2F5F280BB666F73494DDE41B62AE86E95D
                                        SHA-512:E5CD712CE4805F4ABAE435B0D664F66FBA21FAF9DA5831E40878FB2152DF69D90A712E2079CB6EF6FF8C60665A274D3F18BEAD1951570154D7FEFB9367ABAB42
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dIKXA.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..6.H....L....R.M".!+I."."......J../z........M"...M"..0....LT.SM.3..S.4..LSH.R....B).i..)....../JCN..C....M?..Hg[.a..).U.BE4...4....B;.i...c#........y..Bi.T.SH.c1L5&).R...O4..#.4.M..b.i.h...O".E.2.HE(.b....HE.Di..i......U.K..F.M"......3.+S1..0.J..O.i...2..a....4..CJi(..SM<.. ...<.h.)..i.....v.:.(.T.@..)..i..5iM .A4...H....@t1..0.=....z... ..Fj...Y3@.Z.c.)zc.h.......d
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1dJCwI[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 206x250, frames 3
                                        Category:downloaded
                                        Size (bytes):10958
                                        Entropy (8bit):7.945574730717968
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4BB16D388281FA9CFDAF0765A5CB53B5
                                        SHA1:4160E08B6151EDCD3C2AACACE3C0C72853D4A469
                                        SHA-256:B26024697F6C4978FB1A9CA814F9C06312B5896540FADAD735B5EAD2600B27CA
                                        SHA-512:E6ED3FFB290EE1B1BA0C41F9BC0D949C319FA85D5E3AAD946D998BA3DF539C6BA0860C9972FF41A871CEC5A7EAB45F33D10A87D2AEB6988B8D0DDFD95E03B9BC
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJCwI.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=637&y=253
                                        Preview: ......JFIF.....H.H.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...yL..Gf..4...........I(T.+.4..H2..N+6.I.fW\.3....F........'i..X.%FOC...t....@.iT..~...^..7E!.`>.g=0;....9..mi....RN..<...Y.......zsHS?Z.L.\...$.7/."..Z.s&A........(..G....(.C..Tv.J.).E..c....d@p..N..G.S..!v.p.\.Ro_./.L....EO.G...M*)4........E[.23Q..*\Gr..|..L.P.a.f.%B[.A......q(......f.>..\.8.4...H.&.....N...._...Rr..O...A....>........D..i..N.w..E4.%e.8.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1dJKCQ[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
                                        Category:downloaded
                                        Size (bytes):9227
                                        Entropy (8bit):7.947614353149798
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:51D77B792B5DE80C89889F629443B145
                                        SHA1:79EBE7A3B32C45717DB942E9DD0334B8C7715AFF
                                        SHA-256:7A9BA5AB6ABEC181B56F14E2464A404DF9CCCA8247ECB872EAF420512C5B371D
                                        SHA-512:74BDF164D660CB2A93A6BAD41C6FDD7830E84E044ECFE347B36EA3F0A93AA94EB0DFDC7522F7D3C6C7145A457C8A3016EEF5707405801ACF22E94D09F6A84BD0
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJKCQ.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=515&y=258
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..a...s.*F.z...\.Y.4W.g.Y..y'.hEd.Z.H.p*.c.|..;A..Q0... .w..-@.?.im.r(+.....Q[Q..R..c..U..9B./...'..........GaG(\.m..H`..].1....r...q.P-...R...G(\..q..Uk...t.B8.Y....s.......f9..[....1m..Q<.j....!.o...?...Z.^G...............~b..K.J.2J.....C.}%...k.sq..F..j.V=.D...._._...[./-.`..GO.X....4q................)ZP.F..G...s....j..A....V...w.....M....v..hRrW=J..
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1dJOCl[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x250, frames 3
                                        Category:downloaded
                                        Size (bytes):10406
                                        Entropy (8bit):7.95039447352553
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:44DDE9F1DEEF03704410705ABDE21ADE
                                        SHA1:56D2B3100BC200B3732604FDD790349574AEBAF7
                                        SHA-256:8468C32E561BB62C30F9C4A31794A16861AF16B35574DD2B1A6F72AAAE703B43
                                        SHA-512:62F0481427F49022CD16D1B224CECABE41A06B90704D29B86784F7189FFEC9FA2AE87C9AEA4341A89BFA3F4CCC65CD76D722227E8DE313DC1A98DE0715F5A87B
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJOCl.img?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=jpg&x=162&y=357
                                        Preview: ......JFIF.....,.,.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........,.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.(.&h.zg..QH...B.L.@.M...4....JM4.h.cL&..M4!)..i.....HM...L.i)1.i..i...4.Ji..4..8..!.4.O5.RcC.4.M&.....4....))\aHih.&.6...LT..IN".HggKM..u...K@.E&i.J.F......Rm-X.lq4....d]..../.r...?O.T.....r..'..k.bb.5T_S..TQ.~..]."B..a..x5...}..d...=.......x=0.".x.t4TboO}.G.....3..c......zg..YU...U.l....W]..0l..9.T,T...D.sHMb[].D0.J1.K..lu....W..'..Fy..J.j.N..!.4.I[..E...!.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1dJSXY[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
                                        Category:downloaded
                                        Size (bytes):1941
                                        Entropy (8bit):7.746644591304122
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F177E6F41DE542BEB710155C6071DEB8
                                        SHA1:C886B18C187416C795E8C2F2675F6D02232BA88A
                                        SHA-256:9E46454C716D183E56E029D1B32F5440849C0E0E75D0A90451E021B29A69B346
                                        SHA-512:54F85EAEECF656B45AD2361A6E0B9EE30E70270F3A3DBEFA771CFE05E1601AAC1E4EDB85BC8CFEA791A6E671C53083870ECD18069536C869A9CCB3A7C576CDB7
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJSXY.img?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg&x=620&y=231
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K.d.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..u..O$..q.....Ce.J.zV...a.N.p+.'.'X..~k#j.N7.k..A(.....H...w...OZ[@<.S.Di)=K..m...k: ...QL.fLmB...ma/.....Pe.[.DH*.N..D......K...._n.}T.Z.w0L..pk../..^.'.NWs._..t.2 ;.;\.:.q.=.`...NMP.....I..L.Iu+G...^...Z..~...s..N?.....V6.I........p..=x ..N.o....u*.9;.1.*.Y.G'........j.E.....`.E..q....v.R(...a-.......nk7.. ..x..>..b.[e.pGCX..4...`..03.n....).*.......
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1dJnl1[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 200x200, segment length 16, baseline, precision 8, 622x368, frames 3
                                        Category:downloaded
                                        Size (bytes):23446
                                        Entropy (8bit):7.95457451767578
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:928A050DC024936857D19D201BF01999
                                        SHA1:976729FA5B2B19E9537783CAEADD4E689FA9E384
                                        SHA-256:3295A37E0BFF14EB43E59D83D6863ED846D77D007515665A7DE86D671BE59645
                                        SHA-512:529E0B230712454AF78765E1D7BFABB62C2138B086A128FA6D7D9D61415A57B10A3E5EAE5D93774964CF71AE02DB88C1E4A1B32A18EA7BE46CBFB82A8DB52303
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJnl1.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..Y..5.ip..b\.."...D5.8......J..e.z.>..c.#...5.+"..r..j.2.Q.r..z.....h...k..Z`........z.h..gQ..S..~}M*^.7...:X..ZXT......X.8.1.@1T$..$f5.F4.P6.kS.Z.....Jw....7..............,.T.;...;..B......Y.......f...0J.Ap..i...2k.k.%.5#H.0.X....;..sZ........EC!.RK.Q.Uf.c......h..zVj.#...<w..J.h.W../.M.b...d7*.....b..).A.S&.".M.![RZ+0...m..X[.#.J...Yd..(lqA.OZ.K..Z..
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1dJza1[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3
                                        Category:downloaded
                                        Size (bytes):6043
                                        Entropy (8bit):7.901628078519787
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:99A919528DBBE3857ADE249AD4F1CA1D
                                        SHA1:51758545F4D183A40CBE40B06D6A06D19937F80E
                                        SHA-256:8135A1F1EB3601DEA991CF9159F5F602F02EFA8E8909C8814AFF4CBEF9CC2AD8
                                        SHA-512:7B94B1DBF22205BCE450AFA3916C19E9010636D1D988ACD7234C278B45E135E41F26B0F0DD79C9E5B08B131A42F8F90E9DB942448E64C09ACE1C22EAB54392FC
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dJza1.img?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........6.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...J.jd.2t...J.t.........X|....k~52J.^MF.-b-)>......)-.....jd....j.<p.!\./...kGE..^....$...-..&.j.M.I..R....N@=+..S.U...%.J...k>B...r...q....R.j6.......8.N.q0*..sv..E..73.....Q(&...M...`.1........v.Sz...sk5....Q.5.....*.....W..B*.../Z..B...U.\.V.#"..Z.......(.....*...]....Hd....s...]<...\.......E.v5....].j...jdOjH.5n4....<EV.S.*n2...h%..yj..*......T..
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1dK61C[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
                                        Category:downloaded
                                        Size (bytes):11589
                                        Entropy (8bit):7.95980359303366
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E23B1102B25072C78894C44CA80AFD07
                                        SHA1:D91786B3AFE162EBDDB6F5F0310ADCACA68DEBA0
                                        SHA-256:0C6BD094D42602D0F35AEC3B05F59F7C16C46308E06B89C859B7055B7E7DBCB7
                                        SHA-512:DE8508F6AC1327DC5792062BB8A68D46166323E2B824827A15C6B41D6ACB51A56D57E3AFBD15AE54CB949B39F9CB12DD107AE7570D48EA0352AE9F6D571AE4B0
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dK61C.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..L.+)j.-H."...'...~xd.F.Xw....m}.........>....5Q..r.T.W=|:..:hb\Yz.D..3qdM....._...Q.Uh.k.JD..P[h.$..-..sg h.#.8.Z..b..]X.#.x.. ..0$...yr....N2SWG%q.9..>j.....A.......rT.d....ox.....x.=...[..^.. .~u.f...~t..=E.......P.J.I.n.....$$...&....D.Q..v...s^.0.G.(7I,.....@95.\....&...\..vfvc......).q..Cm3.4...#.4...A.T.l.I...M.....m....U..R.l..Z.s.4...y.j.E$..#0Q.@..z.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1dKhpe[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
                                        Category:downloaded
                                        Size (bytes):2769
                                        Entropy (8bit):7.8198065039148785
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C63D5ADC0ABE97728F7735DC1071D499
                                        SHA1:77ADAB823C33F34E60071FFAD2B2D0B92EBDB9CA
                                        SHA-256:4404C54152EA5F42E576697193784ED7707FFCE01AE544D5F229575E25E19E0D
                                        SHA-512:970B7AE13F06E4E2EB7C7743AF54CC688299D8FF854CDDE7520ADF2C8EC32D535BB47E57BABF66E59C36ADEE087B2310338055C58528C3ADB5ADBEC16EBAD615
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dKhpe.img?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg&x=640&y=436
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K.d.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...<...0..y..~..{K.l..a........K..J...H..,....<..K.G.t%.g!..z.V.O..da.F...O..o..d.!.$..kaz...ZVR...EB0...~5.<T..U..a..'s.1..-3.V%;....._.jW...1,.......76.HP...Nr3..5j.La..T99..?.+5..F,..|'o..4.t{q..........?..$.z.....]h.m.!.?1......0.......#..-.@..pA.....)SQWGA..R..)6....b.x.HFh..qE;.P.B{S..p.....B.y...A`z..-o....{.vF.m,....O. W..ZE{n.M.....W/..%..>
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1dKjKn[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
                                        Category:downloaded
                                        Size (bytes):17030
                                        Entropy (8bit):7.935581444091011
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1216A797F8C6D52F2191BF31C52C22DE
                                        SHA1:8E15AE68267D501DB73CF71E1742EE0A2492FFE0
                                        SHA-256:ABF0A878AF552FA5DFC1921168788A51AA63C1E09DD40EEF687EE35417AE5CE5
                                        SHA-512:17E0B79B340CA78C797207BA774AC38B1C88B514D097B5D01AC3B1B74204880B9FDCA6A9EAA4D481167696CB1F9A6CF7E41C0058A4602A4B91DE4FA342E77AAC
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dKjKn.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg
                                        Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....9.....K..q.........K......q.U.@S...).;.).N.c.......F.u.Mv?.'......E_=?..C...IN..(CIKE0,......._.b....A<.[..\D.H.Q....R.uH.....X..8..^.,..I'......x..!.(..1..]...{..R{...+..?..O.]SH..i..pb..9.F.*.()4..[.'..]bA....n.>d*......U.k....j.P...1...C(..q.4.lrt..JC..ZJ@%..P.QE..QE..QE..(..@.QE..QE..........K....<sITd.QE...........k.....I.K...pWv..~..){...?.4S..;.68..
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB7hg4[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):458
                                        Entropy (8bit):7.172312008412332
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A4F438CAD14E0E2CA9EEC23174BBD16A
                                        SHA1:41FC65053363E0EEE16DD286C60BEDE6698D96B3
                                        SHA-256:9D9BCADE7A7F486C0C652C0632F9846FCFD3CC64FEF87E5C4412C677C854E389
                                        SHA-512:FD41BCD1A462A64E40EEE58D2ED85650CE9119B2BB174C3F8E9DA67D4A349B504E32C449C4E44E2B50E4BEB8B650E6956184A9E9CD09B0FA5EA2778292B01EA5
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB7hg4.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........(J...._IDAT8O.RMJ.@...&.....B%PJ.-.......... ...7..P..P....JhA..*$Mf..j.*n.*~.y...}...:...b...b.H<.)...f.U...fs`.rL....}.v.B..d.15..\T.*.Z_..'.}..rc....(...9V.&.....|.qd...8.j..... J...^..q.6..KV7Bg.2@).S.l#R.eE.. ..:_.....l.....FR........r...y...eIC......D.c......0.0..Y..h....t....k.b..y^..1a.D..|...#.ldra.n.0.......:@.C.Z..P....@...*......z.....p....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BBaK3KR[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):551
                                        Entropy (8bit):7.412246442354541
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5928F2F40E8032C27F5D77E3152A8362
                                        SHA1:22744343D40A5AF7EA9A341E2E98D417B32ABBE9
                                        SHA-256:5AF55E02633880E0C2F49AFAD213D0004D335FF6CB78CAD33FCE4643AF79AD24
                                        SHA-512:364F9726189A88010317F82A7266A7BB70AA97C85E46D15D245D99C7C97DB69399DC0137F524AE5B754142CCCBD3ACB6070CAFD4EC778DC6E6743332BDA7C7B1
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBaK3KR.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........(J.....IDAT8O..9,.q..:&.E..#.,B".D.Zll..q,H.......DH..X5.@....P!.#......m?...~C....}......M\.....hb.G=..}.N..b.LYz.b.%.>..}...]..o$..2(.OF_..O./...pxt%...................S.mf..4..p~y...#:2.C......b.........a.M\S.!O.Xi.2.....DC... e7v.$.P[....l..Gc..OD...z..+u...2a%.e.....J.>..s.............]..O..RC....>....&.@.9N.r...p.$..=.d|fG%&..f...kuy]7....~@eI.R....>.......DX.5.&..,V;.[..W.rQA.z.r.].......%N>\..X.e.n.^&.ij...{.W....T.......IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BBkwUr[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):431
                                        Entropy (8bit):7.092776502566883
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D59ADB8423B8A56097C2AE6CBEDBEC57
                                        SHA1:CAFB3A8ABA2423C99C218C298C28774857BEBB46
                                        SHA-256:4CC08B49D22AF4993F4B43FD05DE6E1E98451A83B3C09198F58D1BAFD0B1BFC3
                                        SHA-512:34001CBE0731E45FB000E31E45C7D7FEE039548B3EA91EBE05156A4040FA45BC75062A0077BF15E0D5255C37FE30F5AE3D7F64FDD10386FFBB8FDB35ED8145FC
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBkwUr.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........(J....DIDAT8O..M.EA...sad&V l.o.b.X..........O,.+..D....8_u.N.y.$......5.E..D.......@...A.2.....!..7.X.w..H.../..W2.....".......c.Q......x+f..w.H.`...1...J.....~'.{z)fj...`I.W.M..(.!..&E..b...8.1w.U...K.O,.....1...D.C..J....a..2P.9.j.@.......4l....Kg6.....#........g....n.>.p.....Q........h1.g .qA\..A..L .|ED...>h....#....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BBnYSFZ[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):560
                                        Entropy (8bit):7.425950711006173
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CA188779452FF7790C6D312829EEE284
                                        SHA1:076DF7DE6D49A434BBCB5D88B88468255A739F53
                                        SHA-256:D30AB7B54AA074DE5E221FE11531FD7528D9EEEAA870A3551F36CB652821292F
                                        SHA-512:2CA81A25769BFB642A0BFAB8F473C034BFD122C4A44E5452D79EC9DC9E483869256500E266CE26302810690374BF36E838511C38F5A36A2BF71ACF5445AA2436
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBnYSFZ.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                        Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O.S.KbQ..zf.j...?@...........J.......z..EA3P....AH...Y..3......|6.6}......{..n. ...b..........".h4b.z.&.p8`...:..Lc....*u:......D...i$.)..pL.^..dB.T....#.f3...8.N.b1.B!.\...n..a...a.Z........J%.x<....|..b.h4.`0.EQP.. v.q....f.9.H`8..\...j.N&...X,2...<.B.v[.(.NS6..|>..n4...2.57.*.......f.Q&.a-..v..z..{P.V......>k.J...ri..,.W.+.......5:.W.t...i.....g....\.t..8.w...:......0....%~...F.F.o".'rx...b..vp....b.l.Pa.W.r..aK..9&...>.5...`..'W......IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\a5ea21[1].ico
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
                                        Category:downloaded
                                        Size (bytes):758
                                        Entropy (8bit):7.432323547387593
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:84CC977D0EB148166481B01D8418E375
                                        SHA1:00E2461BCD67D7BA511DB230415000AEFBD30D2D
                                        SHA-256:BBF8DA37D92138CC08FFEEC8E3379C334988D5AE99F4415579999BFBBB57A66C
                                        SHA-512:F47A507077F9173FB07EC200C2677BA5F783D645BE100F12EFE71F701A74272A98E853C4FAB63740D685853935D545730992D0004C9D2FE8E1965445CAB509C3
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
                                        Preview: .PNG........IHDR... ... ............pHYs.................vpAg... ... ........eIDATH...o.@../..MT..KY..P!9^....:UjS..T."P.(R.PZ.KQZ.S. ....,v2.^.....9/t....K..;_ }'.....~..qK..i.;.B..2.`.C...B........<...CB.....).....;..Bx..2.}.. ._>w!..%B..{.d...LCgz..j/.7D.*.M.*.............'.HK..j%.!DOf7......C.]._Z.f+..1.I+.;.Mf....L:Vhg..[.. ..O:..1.a....F..S.D...8<n.V.7M.....cY@.......4.D..kn%.e.A.@lA.,>\.Q|.N.P........<.!....ip...y..U....J...9...R..mgp}vvn.f4$..X.E.1.T...?.....'.wz..U...../[...z..(DB.B(....-........B.=m.3......X...p...Y........w..<.........8...3.;.0....(..I...A..6f.g.xF..7h.Gmq|....gz_Z...x..0F'..........x..=Y}.,jT..R......72w/...Bh..5..C...2.06`........8@A..."zTXtSoftware..x.sL.OJU..MLO.JML.../.....M....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cfdbd9[1].png
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):740
                                        Entropy (8bit):7.552939906140702
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:FE5E6684967766FF6A8AC57500502910
                                        SHA1:3F660AA0433C4DBB33C2C13872AA5A95BC6D377B
                                        SHA-256:3B6770482AF6DA488BD797AD2682C8D204ED536D0D173EE7BB6CE80D479A2EA7
                                        SHA-512:AF9F1BABF872CBF76FC8C6B497E70F07DF1677BB17A92F54DC837BC2158423B5BF1480FF20553927ECA2E3F57D5E23341E88573A1823F3774BFF8871746FFA51
                                        Malicious:false
                                        IE Cache URL:https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/cfdbd9.png
                                        Preview: .PNG........IHDR................U....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS6......tEXtCreation Time.07/21/16.~y....<IDATH..;k.Q....;.;..&..#...4..2.....V,...X..~.{..|.Cj......B$.%.nb....c1...w.YV....=g.............!..&.$.mI...I.$M.F3.}W,e.%..x.,..c..0.*V....W.=0.uv.X...C....3`....s.....c..............2]E0.....M...^i...[..]5.&...g.z5]H....gf....I....u....:uy.8"....5...0.....z.............o.t...G.."....3.H....Y....3..G....v..T....a.&K......,T.\.[..E......?........D........M..9...ek..kP.A.`2.....k...D.}.\...V%.\..vIM..3.t....8.S.P..........9.....yI.<...9.....R.e.!`..-@........+.a..*x..0.....Y.m.1..N.I...V.'..;.V..a.3.U....,.1c.-.J<..q.m-1...d.A..d.`.4.k..i.......SL.....IEND.B`.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\de-ch[1].json
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                        Category:downloaded
                                        Size (bytes):76785
                                        Entropy (8bit):5.343242780960818
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:DBACAF93F0795EB6276D58CC311C1E8F
                                        SHA1:4667F15EAB575E663D1E70C0D14FE2163A84981D
                                        SHA-256:51D30486C1FE33A38A654C31EDB529A36338FBDFA53D9F238DCCB24FF42F75AF
                                        SHA-512:CFC1986EF5C82A9EA3DCD22460351DA10CF17BA6CDC1EE8014AAA8E2A255C66BB840B0A5CC91E0EB42E6FE50EC0E2514A679EA960C827D7C8C9F891E55908387
                                        Malicious:false
                                        IE Cache URL:https://www.msn.com/_h/e012d846/webcore/externalscripts/oneTrustV2/consent/55a804ab-e5c6-4b97-9319-86263d365d28/6f0cca92-2dda-4588-a757-0e009f333603/de-ch.json
                                        Preview: {"DomainData":{"pclifeSpanYr":"Year","pclifeSpanYrs":"Years","pclifeSpanSecs":"A few seconds","pclifeSpanWk":"Week","pclifeSpanWks":"Weeks","cctId":"55a804ab-e5c6-4b97-9319-86263d365d28","MainText":"Ihre Privatsph.re","MainInfoText":"Wir verarbeiten Ihre Daten, um Inhalte oder Anzeigen bereitzustellen, und analysieren die Bereitstellung solcher Inhalte oder Anzeigen, um Erkenntnisse .ber unsere Website zu gewinnen. Wir geben diese Informationen auf der Grundlage einer Einwilligung und eines berechtigten Interesses an unsere Partner weiter. Sie k.nnen Ihr Recht auf Einwilligung oder Widerspruch gegen ein berechtigtes Interesse aus.ben, und zwar auf der Grundlage eines der folgenden bestimmten Zwecke oder auf Partnerebene .ber den Link unter jedem Zweck. Diese Entscheidungen werden an unsere Anbieter, die am Transparency and Consent Framework teilnehmen, signalisiert.","AboutText":"Weitere Informationen","AboutCookiesText":"Ihre Privatsph.re","ConfirmText":"Alle zulassen","AllowAll
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\e480cec7-d4c5-4834-8bb5-8110de9419d3[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
                                        Category:downloaded
                                        Size (bytes):62539
                                        Entropy (8bit):7.978636774700437
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:144A95E7BC2C058E97AC9EB610786E2B
                                        SHA1:B1F889A4A8B0DD3E36DE75844CD7DCF743FC27F5
                                        SHA-256:5E3795B33C832979811E67C414AD2FBBE74C81DF77FCE71C1B54BC573B374289
                                        SHA-512:E4F75F46B9CC83CB59BBF403BAA7DC7F30DF42A41ED2CD695540DE813036CA715BD1991EA2B330457CF0CF5138B93D520B7ACE19613B4A7EF818413582210D92
                                        Malicious:false
                                        IE Cache URL:https://cvision.media.net/new/300x300/2/187/197/242/e480cec7-d4c5-4834-8bb5-8110de9419d3.jpg?v=9
                                        Preview: ......JFIF.............C....................................................................C.......................................................................,.,.."..........................................F.........................!...1.."AQa.#2q...B..$R...3...Cbr%4..DSc5T...................................A.........................!..1A."Q.aq..#2B.....3..$..br...CRS%..............?....?#g..x.S..._.x....x..........4._.............z.......-.....l~G...........=~...7..~....o..~....o..?#.......x.H...:.....lu.?O............=.....l~G..<....:.........>.......P....Vq....o........~...g.]g..._.|gY.?..._..........".v.........9.uk..._rF..c........<jX....o...5.=....c...?#..>....OS..._.x.....]}..3D.x.>....x...?.......[...<zA..<.01.........^6...?.._....<g..01.3.x....X...{...G...............<g....3...c.....S...._..1....k...6a......,6.....?...c.....o..6.>3~...w..o...=..?......3................_..N............_....._.G...#....~.........?.<....O..........k..}...8
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\http___cdn.taboola.com_libtrc_static_thumbnails_1922f0dc8699bf8edcf7c727cbc43d75[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                        Category:downloaded
                                        Size (bytes):33654
                                        Entropy (8bit):7.93677204324885
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C63DABAF54A1E9D41C87A8D67E56D68A
                                        SHA1:C07BF0B5ED6DE22AC372782599D8A7ED74F82348
                                        SHA-256:2C676E5170D304519ED2F955C9F14B8D5D2535642A5A447A54FCCFE91C8AF80F
                                        SHA-512:47FD83E49A1D35C83D02B649D539B4B0D36A72E3B0586FBCDA9460AA1FB533A719983998C75B9EDF2E261563E47CA702A793801037EF207DDA5F3982CBA45107
                                        Malicious:false
                                        IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F1922f0dc8699bf8edcf7c727cbc43d75.jpg
                                        Preview: ......JFIF.............XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1........
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\http___cdn.taboola.com_libtrc_static_thumbnails_93d4933b9954eadbe7709e6a17080eca[1].jpg
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                        Category:downloaded
                                        Size (bytes):21766
                                        Entropy (8bit):7.972079328084609
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:099C7C252BEB96B217B59FBB7B1070BA
                                        SHA1:1FDACB3AE98128B82C75201AB0BC8A2A80B61272
                                        SHA-256:75C9F3D11F764C26E3EB55805D96421A52156D43E52C1A75B995A5B427536079
                                        SHA-512:D2AD1C12EE090134A8415B384F05234D19CAF844E68AA716489D3CB0BC262279A463D3250A912469765E9C0B1AFA6FB50B078BA124743B346D5C1221B64EE5D1
                                        Malicious:false
                                        IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F93d4933b9954eadbe7709e6a17080eca.jpg
                                        Preview: ......JFIF.....................................................................&""&0-0>>T.............................)......)$,$!$,$A3--3AK?<?K[QQ[rlr.........7...............6.................................................................../G..%.`. ....@L...$.........T3Tv..\b..O@...p..Kmh.".p.P!.6....#Y.......W....i9.@[.l-l2,....3.QG..H2j...7..[x...^.....m...Wv...&A.=..R...M.e.1..M.G...j.Jt.........hF.........5...A...,..9..I..y...#..]x.8.3...~3.....Q.}y....-......`a..phe...+..m...^..=Y..0.644....x .....!..B..R5`...!M.Tc..uP..oAtp...o....</.A(.V...5....n).$......P..k.G..o.........V.#(P............".d..&(p.....b~.r..9..p.6j.=7.......a....oYOh.....D.tc.o..G.).._;..=H-.z...u].zs...<M.^i....r..C>...x7...m..HL../......}*.P.\.w....nU.....>.k.....(.~1...G..k.....<..j..G.|...z.a..c....(~...gE......~.......z~B....H...;..]8{'....r..uo{h3.x.n....5.... x_].Z...G.w.|.*h,..R...cd.9.\....?b.{eU....K.%.[..J5si...O....|...z..Euw../..iTc..J9.+.........Wn..'.
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\iab2Data[1].json
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                        Category:downloaded
                                        Size (bytes):230026
                                        Entropy (8bit):5.150044456837813
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6AAA0F3074990A455B222A4D044E2346
                                        SHA1:6443AF82ED596527261B0F4367A67DD4D1BA855B
                                        SHA-256:1232E273F047113AB950CC141FC73D50640D2352B2ED16B89A1BAC01A80BEBEC
                                        SHA-512:EDE13CDE1DDEB45CD038042DCC6C1F75664EC259BC44100EB9C36361CFB657A7A661901DFEAD44DF6CEC555406A221970DF10F562AE222226546B7EFCE8E6E8D
                                        Malicious:false
                                        IE Cache URL:https://www.msn.com/_h/e012d846/webcore/externalscripts/oneTrustV2/consent/55a804ab-e5c6-4b97-9319-86263d365d28/iab2Data.json
                                        Preview: {"gvlSpecificationVersion":2,"tcfPolicyVersion":2,"features":{"1":{"descriptionLegal":"Vendors can:\n* Combine data obtained offline with data collected online in support of one or more Purposes or Special Purposes.","id":1,"name":"Match and combine offline data sources","description":"Data from offline data sources can be combined with your online activity in support of one or more purposes"},"2":{"descriptionLegal":"Vendors can:\n* Deterministically determine that two or more devices belong to the same user or household\n* Probabilistically determine that two or more devices belong to the same user or household\n* Actively scan device characteristics for identification for probabilistic identification if users have allowed vendors to actively scan device characteristics for identification (Special Feature 2)","id":2,"name":"Link different devices","description":"Different devices can be determined as belonging to you or your household in support of one or more of purposes."},"3":{"de
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\otSDKStub[1].js
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:ASCII text, with very long lines, with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):13479
                                        Entropy (8bit):5.3011996311072425
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BC43FF0C0937C3918A99FD389A0C7F14
                                        SHA1:7F114B631F41AE5F62D4C9FBD3F9B8F3B408B982
                                        SHA-256:E508B6A9CA5BBAED7AC1D37C50D796674865F2E2A6ADAFAD1746F19FFE52149E
                                        SHA-512:C3A1F719F7809684216AB82BF0F97DD26ADE92F851CD81444F7F6708BB241D772DBE984B7D9ED92F12FE197A486613D5B3D8E219228825EDEEA46AA8181010B9
                                        Malicious:false
                                        IE Cache URL:https://www.msn.com/_h/e012d846/webcore/externalscripts/oneTrustV2/scripttemplates/otSDKStub.js
                                        Preview: var OneTrustStub=function(t){"use strict";var l=new function(){this.optanonCookieName="OptanonConsent",this.optanonHtmlGroupData=[],this.optanonHostData=[],this.genVendorsData=[],this.IABCookieValue="",this.oneTrustIABCookieName="eupubconsent",this.oneTrustIsIABCrossConsentEnableParam="isIABGlobal",this.isStubReady=!0,this.geolocationCookiesParam="geolocation",this.EUCOUNTRIES=["BE","BG","CZ","DK","DE","EE","IE","GR","ES","FR","IT","CY","LV","LT","LU","HU","MT","NL","AT","PL","PT","RO","SI","SK","FI","SE","GB","HR","LI","NO","IS"],this.stubFileName="otSDKStub",this.DATAFILEATTRIBUTE="data-domain-script",this.bannerScriptName="otBannerSdk.js",this.mobileOnlineURL=[],this.isMigratedURL=!1,this.migratedCCTID="[[OldCCTID]]",this.migratedDomainId="[[NewDomainId]]",this.userLocation={country:"",state:""}},e=(i.prototype.initConsentSDK=function(){this.initCustomEventPolyfill(),this.ensureHtmlGroupDataInitialised(),this.updateGtmMacros(),this.fetchBannerSDKDependency()},i.prototype.fetchBanner
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\otTCF-ie[1].js
                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):102879
                                        Entropy (8bit):5.311489377663803
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:52F29FAC6C1D2B0BAC8FE5D0AA2F7A15
                                        SHA1:D66C777DA4B6D1FEE86180B2B45A3954AE7E0AED
                                        SHA-256:E497A9E7A9620236A9A67F77D2CDA1CC9615F508A392ECCA53F63D2C8283DC0E
                                        SHA-512:DF33C49B063AEFD719B47F9335A4A7CE38FA391B2ADF5ACFD0C3FE891A5D0ADDF1C3295E6FF44EE08E729F96E0D526FFD773DC272E57C3B247696B79EE1168BA
                                        Malicious:false
                                        IE Cache URL:https://www.msn.com/_h/e012d846/webcore/externalscripts/oneTrustV2/scripttemplates/6.4.0/otTCF-ie.js
                                        Preview: !function(){"use strict";var c="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function e(e){return e&&e.__esModule&&Object.prototype.hasOwnProperty.call(e,"default")?e.default:e}function t(e,t){return e(t={exports:{}},t.exports),t.exports}function n(e){return e&&e.Math==Math&&e}function p(e){try{return!!e()}catch(e){return!0}}function E(e,t){return{enumerable:!(1&e),configurable:!(2&e),writable:!(4&e),value:t}}function o(e){return w.call(e).slice(8,-1)}function u(e){if(null==e)throw TypeError("Can't call method on "+e);return e}function l(e){return I(u(e))}function f(e){return"object"==typeof e?null!==e:"function"==typeof e}function i(e,t){if(!f(e))return e;var n,r;if(t&&"function"==typeof(n=e.toString)&&!f(r=n.call(e)))return r;if("function"==typeof(n=e.valueOf)&&!f(r=n.call(e)))return r;if(!t&&"function"==typeof(n=e.toString)&&!f(r=n.call(e)))return r;throw TypeError("Can't convert object to primitive value")}function y(e,t){retur
                                        C:\Users\user\AppData\Local\Temp\~DF078E62CDF628BAA8.TMP
                                        Process:C:\Program Files\internet explorer\iexplore.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):12965
                                        Entropy (8bit):0.42004418790149994
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:21DA2C0B27C5AA980085B06C244591AB
                                        SHA1:4244AC072479A88FD1018E3423D6FA96D022E4E5
                                        SHA-256:7B4A804E9C92CD86777C59FD43052222717EC57A6BB91B6ED11B55D7CD5AE5FD
                                        SHA-512:9B71EF34C8FEEE295C6E9D9DAAF65EDB90771199FCBC2A5CC41A24E7AEB525C091B712EA909552B9BD3B7075CF878604AC3ACCD4B36503BF5E66BEB6B8AB653C
                                        Malicious:false
                                        Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                        C:\Users\user\AppData\Local\Temp\~DFA69546DD89C352E1.TMP
                                        Process:C:\Program Files\internet explorer\iexplore.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):193172
                                        Entropy (8bit):3.129740515937443
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C134B9AC29C0EFC08DFEDAE1B576279F
                                        SHA1:5093F3D128CEF558DFB95CB72EB3B75D22FC7EDA
                                        SHA-256:B6DFE66D3B925778682BA4768EB204F4BDAAE848107588EF721F9C044F7C34E7
                                        SHA-512:7A850E60158BB3F1255459F9C81DDF2933DC684C75382D60AE2C8B383A1D25FC93EAD29C4F9B6B772FE4454A4A276D170E9A99FC4B51889B0F1896D86FF879C7
                                        Malicious:false
                                        Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                        C:\Users\user\AppData\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\Contacts\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):946
                                        Entropy (8bit):7.737374559540186
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:67BE0E9A607957F30E17C6258FAA9BD7
                                        SHA1:E9B21A787B81B27A113E43DEBB7589AE9EDC569C
                                        SHA-256:72779640892F01266547EFC85E4EB7DCB96D9F84925A98707D22F0BB93A097C9
                                        SHA-512:C9303091E43E897A5A77BE1E146D97B208DAA054B3BAFAD6EF8216ED4E369EFFF04722608F256878904F29CD44075B0BB9B0BB814BF8807E79C99D680754E435
                                        Malicious:false
                                        Preview: .W#..D....{/..3._/7i[.C...vvd....6.:.{..).....s#1....zN.K..} Mh...s....Bxu.p...........tL...E..,.......N1......$`...!. ..*y...-.EE...5.<I|.O...3.q.......4....u...\;..0.&.|..#+.....?..M..F.....b...;5i....OUvz...;..&(..x(...W*v..t-H7...uY..9.I0./>.y ....^CJS..>..I....R.3Uw..9..=...1$..,.............E.J.4iX..jUZ..A.qJ.z......{_m..s.nC..x..cv..33."...#.i.^l..(].sB.H..V....].....y.l`......%.4Ou.x]P.x.)...|.u*.Q..Vn...')~iJS.V............})........ouy....$.y..m..@.....1.T)...%xeY..=....5._.............$..........JV.../N8...j...k.VO...&T.*.{.].|.4-.....X.m_....V..........Q..k$...x..:.u ..-..5......j.O..NU.I.N.....m{...O..!...2.g........2.Y.s..b.R....j......_.t...<v.j..?|Tb".E8w.r9.L$L.+o...z.g...+...77;.."...P..z....0......c.....X.;.Ka.S..ku.fo(}....Ze&.J......&.i..<.`...n...9?.....{.i..i...r....y.>kMr..)F<A....2{.7}cC.#.{.m..>4ar-.6*.. ......o...Vj..PL...3.UX.%.K.;wa..T.(z.,..k..{E.. =.I....r..b.o>..|{
                                        C:\Users\user\Contacts\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\Desktop\BNAGMGSPLO.jpg
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.872138775146377
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2E16626CC6EE73226824FC2F6B2FA94A
                                        SHA1:4EEAD4364D30D70193F013EB5A0F3B258E3A4912
                                        SHA-256:89AF8080638720ACB8C49BC856D56A446B4C2B88E0F6286BF5F739B148412C88
                                        SHA-512:9E5FE89A41CFFD8E7122E953F1EB689A4E7C274BB7D81F46B63716F3DE3970F9B32058B7B4C387C37FA45762840EBF6C23D14C0FC37E73A503287C6E8FD0753E
                                        Malicious:true
                                        Preview: WZ..p8.....3.`.....}C....r.Hsh.-..1.o..29{..w...b......["...[]...u.TU....vk....}..v....__.._...c..(@i .=."..>..-.D....fZ...L..H(...$...kP-....S....P..M..q.....^.[.(.../..t.R..eS....f..M.-...&...8.J.....S_.8....4....&..M...`..~...KeT.5~.y. ..O.L...Z.b..X..uuV"@...U........5.8.NOjNF..V..[..6..&(./.GW.3.....<.. h..N...ys.O.....5~W*.+A\.....>......G.b........[.p..zH.......q..W.t.[..^z.~.....-.2.".....\........A...=K*x.3....\..t*.....R.0.#.hV/dR..i.Hw:j.&..m|..(2E..o.?MRy.r.5j..?..............$..........T.Fd......."Im..[...#d.P...;iJm.m.....L..t..a..|...G"...OB|.*.C..d.........DF~...S0W.-......s*"G;....n...Z.>.o.... .R.{..6ecVm...s.....Xs.Oy'.c.[?i)-}7'P\..K....?n4..44}..DXX&h.K.0.@.w.........B0...r..0....m..p.6/...v.W...Jh/.`g,...Y.YO...%3..9.....Bf..;...s4f.^xy.GI5e.e..T.k....tk6j.$ .6........A...z.;x..vQ..0%.*.O.:l.R<.Go.7....+..7M_...6./....)hQ.V.s>..\k...an.O{.l..ER......Z.h.......qT.....T...&.<.$)..t.L.)m..`*u......#j..U$...fc.2
                                        C:\Users\user\Desktop\BNAGMGSPLO.xlsx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.8563775412153625
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B1491751B7C2A6F09E420CC3FE349055
                                        SHA1:F46CFF1C4933D33B513200AA34B712EC3A301DB6
                                        SHA-256:577F502109C74882FC1C5F4514949229ECA7C1014EE2DD6D7287C3B45DD9B15F
                                        SHA-512:BDA8027804502B46DB504433CD582F3D7C47B97F2070C8B71269EAEDBDA483AE9D4FDA7A52454A6E7B20AC74E2A040387DAA88A97C597A73F306FEA5F82D51D6
                                        Malicious:false
                                        Preview: N...r*9;..8".4K.6T.sy...G.<...g.^P5o...&......@|.....V..C..U..r.kF...c..^..k...d..vHI.?....hh.#.A..% .t..N..8..S.q.h)8..a...#.!.r...m|<2.l>.xAr...63.....]67....p..(0..Z.0./.>.-.:$_^....tr..T.Z..s...S.!l6.....N.\...oB?h..N..v.....M.._*9c..Y^Vku.22.M.w]..sJ.=r....=^..:..)4...'\.4Y....}..>.{.}..p.S.[ ....7....,?.....H...._.Lp..9V..".F..d..1..........imM..P....p...../J.Q.f....WjY..b..D.x..~.p7.7.....1o+..27.$Q<"a..sY...%.[.q.&...j..5(.5......,."i@s.y....G.hMw..f.....o...qV....../............$.........W..2...1|*...+...d.K..............C....).....?.....j9...N...R..^. .......; .);S..p.H.9....M.....b$..=T.....6..."5......,.d.....V%),.W....'n.S......e6.^z.V...7..'.....g...0W...1U.Ga._..?.r..=.6t../.Q....:....].tG&.?.*."5...9....3..vD.T...I<!I.-48......J..Fa\..0S2..r.Y....g...\..v...tw.LJ.3...X.j.0q..T)...h(q'....%.)sY...D2>...1.~9!<.}A.S7.@..F.k.......I..d...f.l=.X.f.MY5..q.I..gv^.>./.-...-uP0..k[7.....\....Hq...!.[....w@..Q
                                        C:\Users\user\Desktop\DUUDTUBZFW.jpg
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.876218652805633
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B8EFCD7681A9E13A17408C49F9BBB610
                                        SHA1:1D3415BE13407A407861D90B5098BB1DC0BC0022
                                        SHA-256:5B5B20D6B1DE7E8409DF41A05D8EE28141A14A2F8154F79373E5F4CB6096BEFF
                                        SHA-512:BD125C8514072E84B5C57710DD9D020BA4681D4063E91D27CBE8A9C11DA29BB3882CD82C412C64614739CF262162E57B4EE5839D708B5130586D25F69C7D4DE1
                                        Malicious:false
                                        Preview: .O..RA.*...x.b.3,..dPi[.'{...D...l.M*dW}.3.>..LBx........M.....4.1%....'=.bh..hm^E......'...}h..<.....+.u....B8...t......)..G...M..B.3Hg.G0."n..K..P....z......Q.....:......}..9...n.8.l....|....Y.n8.<JvLNI..Vyu..j..>.T.FI.Nc.)..P..wn..W...l....s.~$C......Qi}.B.+.h.|.r4DN..z.v.O*..K.3^..5#9.-...G1...C...W...U\>y..'.9..w.oGn.*..;...m...z..p..O..7.-j.i.m...=<.....>F9uo..?.o..r...n....F....J......M.....4<b....1....O.....qV?.g..|....|.G. T.}a....@$...".S7.l.....y...%(i..F...=F..@J.<.z....4w............$.............{...V.'...>1..\..r...-..4....@.(.u&;...p'..v!...x..(...puZ..5/.k.=.=..!.x....R....cd...@...$D..i..c^s. M6..uW.".e.19]..8...?@.F..6.Cz.H..65..fhH5...9e#....X..@...;.b.........".4../h...C*.5.0..%v.......<e.D...6.}H....S.$......'.Y.8.0.g.)..3.B...&-..d....o...Za.<eZ.s.}..^....<y}Z.?.]..jm.%.2...._.Dm.Uh.;....5.L..........A.xa..>.gb..C.!N.[..Wi.:..!......IY%J....Z........O.}Tf....tB.......-.r.e..i...u..r.;.....{...D&.M3F,3..[-../&=
                                        C:\Users\user\Desktop\EEGWXUHVUG.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.880870348862953
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B55B664EF5DEEAF1D51FDCCA4B6C6961
                                        SHA1:813382DBACF90B03F2F9E06AD60688357FFBB36E
                                        SHA-256:E674CA0430FB91D9633CDA7C692235D269F7FFFD3AA54F2B55F8050521B3B43B
                                        SHA-512:7E3EC5FAD12DF26497875FFDA0F933EC4D0DB4FFE804FF3A3A07F0AABBB181DED9BC9715ED2DEF4E0CBD6E862360E18A13E029ECB505418C64380BEE0140C2D2
                                        Malicious:false
                                        Preview: l {?.=..f..a.V.o...}........9....&f8.....h.<x.Z.01n...$Q.bcD=...#.,.7..).zc....eg.%.t.".4N..r.N..5....jC9W..G.>'....M.F.L....6x....wY.h].H....@q.+....8..J.-GV..bd..2..c.]....../0.o..t...U.&...,...(....P......,R+.`M2RU.l&~..I.. ..k.v{..3.....a+N.z....P.......2.v.n=:|...V.y<..h.B27}..\.....f.......ll.b.{..]b.{PY~.4d.p......#m.d.f.....]v..FE+d...E........L. .L.k..'.<.`vr-......;.3..=....h)..n..C\J.........v...X"q.....B.Sz.....^..@.l.k..u.C..v \~....9`..`P.Z....N.6.u:.:0M.......J.P.................$..........)61'...*.H)...a.`."..+-..)....(.....8.Y._.jD<.f...^B..3 <.:.B.cR.n.....g..j....r].1..$...n.]a..1....>.......A..j.~g.W.)...Q%V,.....3"..%..N...;c.Ty.X.....l..^.7B.......X.*.....w../..}r24.rm...Za.,..5.j.g^.....i....+.(...qT5.w_..R......Z.(..'....P....o..S.E.J.C. .."..`L..^.;.GbG.)...[...x:...TP....w.?..Q.|GO."....(..|.T.k{..]...E.Z..2E..4.....@......f....D.M\.K..UK...|.x..d|._.R.o.u8..x.E;2h.....A.v.W."X2S{j.s../.+...=C........].`...Q.t.P
                                        C:\Users\user\Desktop\EFOYFBOLXA.jpg
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.862950464538651
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A070024600D23428576EDD5F392FC647
                                        SHA1:C8C4A74F6336222D61F504EF707540A339904D06
                                        SHA-256:96D40107840676C65EE5AFAB37AD1DC9E27F3B157C4E9E8F018315827CC97850
                                        SHA-512:B0433BB2E9E0274EEC59B161C696763794DD1B6EA5DB0A57F9407B79452CAA90DE605ECCC6BDA288AACD45BD48E66957B13B01584E7B7323A94F4D78864774AD
                                        Malicious:false
                                        Preview: ....~G....!p...K.!>..:.....g..L(.B..[@....3'.#lCR..c6...:a.].g.........7E`...83.T..&/f.`.0q;......x{.z.....nQT..B....a.....U3..m.=SB.....?...`?.l.n.......*..!.._.f.U.N._..@e.....Pv.....;.......L...F..\....."Y....I[.K......7.............b....$.$:s.`.Q ,q..F..{+..A3i..U.Y.2...N_....d.K.o...B...a#.G...h....64,..]z!E..t...t..0$/.2..2&.k..1p...%..o.O,.K...=.....E.Q'~n/...wT.'y.G..ys...:W.....7&`...L\Y.._].S.o...>....l...OE.c.1.V..j.......!....ns.H.z.....I..*2...z.T.......s.w8pA{..Ap.I.............$.........U...PBoUoT.......i....B....u.=...G?.%m:..[.?4....p.h\.cm. ..%i4...x....Sc.L...|.$.7....".e.{....-R..b$Ec....D....B.5N.G...;.N.(...oFO.$./....`.....D.g.\.x..6d...Y...o.igJ.h.../a.B.....u.i*a3.0.....mV.P.`.=...._.]J.....a./j...R......3.c...X.....>,..j.DU...%c.-.b..Q.;.E%h.'.L.`k.e..Q..m..I...!Qc..v5e...u{.x.....=`...u..)z...8.}..V..s...A..e=re.y.A3...oA.qbGi......g..Lu.Q......,4.J.o..5..r..N....H...<.t(4.Y..Y..b+2...9.6i...u1GW.._oi
                                        C:\Users\user\Desktop\EFOYFBOLXA.mp3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.882348435048095
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:89BB6941E4622C9230F7C4B72FACC2E0
                                        SHA1:1B0E1168101C7F908E61FC048CC76250C5FD6359
                                        SHA-256:A1ED983145478265BFCD57D7F01CD5FF5996FD0B649E76F267B51A3CCDFC4B8F
                                        SHA-512:8634B00BDD831BAAF3C1DFA041CA5E1D44838F98D41621CE1F46E06B547A9C3046D13C0971BC116EE96829ED985350E0813C0F05C6CA6DC896213CDC0FDFE6F8
                                        Malicious:false
                                        Preview: W. ......c...~...`H..ld..2.b..8<........`.b[..66.........b3.....Z...h...k..z.....[<...Q..?k.D..R..IR4...._..0..,.5m.3.a....`lY...X...ji..v...@p.....^.wN...8Q...\.(...G...3.D<.Zh;.=..&.=..s.....2.{....oJ..".niO%.'.L1@..A.f.......".....yq.e=}......G../.h.]>...&........C..:."5.r.#..A....e...w.'.S2..[...:...ZJ.z..K.Az0....o...C...Z..>.V.L.j@.h....`..w...K$..D).....g..z..Q.y...l.(>-...%Dl.n.L....p..+.tY...:N.L.[..........u........d......Q.....$v8.......I..\.v.._..MO...[C..X.. ..3~.{j..ar#............$.........B..b..6%.M).+...2H*..5...|..M....}....Q..]..&n..vX.}j.a............g...#.........Q(.!6.u%....d.o..s.....$..T.9"x).Z.23....C}..i*....N.a..."......J.:.U.f.E}.....7U6?@z....Q....#.p...#K..i'.6c.~...&..X.7..Y~...d.t.F..G.j#....8r%4b....m.%rs..C..+..xL.C. ..q.....XZ.Ba....(...MI5Gz..6./k........L..R...t9.O$.=...Q....&3u/.\._..,&.6e.]&.E..9......Z...............R.k.60.1.u.c.#V.A....G..1f......<<QZ.....Y.`.h.O...+K.G......}t....r.n.v.=b>
                                        C:\Users\user\Desktop\EFOYFBOLXA.pdf
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.862807563873874
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AD345426AD82F7EB4486EA877808179E
                                        SHA1:C54591509702FDD7AFE6169842CEA990810EFAE7
                                        SHA-256:095E18491E15662747709119B8F6F1D47A9FAFB358FF69BCBB270F56B204226A
                                        SHA-512:A43A68FCCE8A0D0346A7F939B828CED99BCD70DDCDAD2CA3F9DB6823CF7B7FB1DE75199FF9491530CF19BDE7A46D707395401FDB5BFFD9CD53AB7A2F0CB435B4
                                        Malicious:false
                                        Preview: .[.S.<.-..p.Mb..4d..j.]A....Z.WN,J!.|=_........q.ib.O`..".......`.........`^.x....w.N..u;....A.u.|...-a.i.S.]|..L......oy...[.B.U7.>...q..+..wI.7 .C....X"y..`g{....5.......]..,*.c...p`....S+1..^.6......`.m{..A....Qx...V..7..7 .0*1Eu......t~.k{.....1...<........v@o.F.X.A...........->..|.#.*..3.../..~ayB....lP.:...|.#.$.J....)..G.._.k>...M.....=..P=@.=/4...q.0qQ...a.X..9...i/~.D.........^V-..=..[....S...M...dpp..1?I....bGn.Z.qA\..B...i..k{.Hq]....R.....1..=.oH(.h.ja....rT.P.6.W..p.....u.C............$...........[..n...q..AZ...=..2.p..iO...*..7....g..fK.oZ,..F....Zs.3#.iqw8. ...(..f.f1..j..y@u..7..L..I.....z....+...r.....u.T,S#...Xb@..v ...o....l.JA.....%..5S ](..;.l...3.Z....A....w.=,Q\.*..3A......6..wX .|..i.pm.9..In.....i..nQq..b>.!|.K..)...)..{........N .g>.r.+,.2g.n.Bu.N.p.......-S<...V....Guz...R..U.......,.2)*1[c......j#..P.^..cK.wS.0.&)E.........X.4eI..I'..(},$....N.D...."I..EI.J...a...6...x.6..=.........Q..1..p.P.S.@...O.....
                                        C:\Users\user\Desktop\EWZCVGNOWT.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.860701119496407
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:29258AA5E06380D9D80FE48CE5F059F4
                                        SHA1:709B37107472F1EBD63B44068197E4A6FC34F347
                                        SHA-256:C349DA9B41D536E36DA644A98EA6672E610093B4FAE19487FB45FBF154FC93DA
                                        SHA-512:1A20BBA2A44450C344861F883D889E5B22575594D31C2734EC77C02042CEC171AED6FACBAC4287B38872EB7CABE6446531148F80E933DE7D85ADCF3B75F91047
                                        Malicious:true
                                        Preview: .>F0..l.E..........Y...AKkC.Vn...=.#p....f.v";.VUO\.).{f.U..E2b.._(7.R=..6j7r.'}..eU....(..q..$2."..Y....5w....L%.!!...Ii^...*..e..}..0L..7...b..aHm3.?..k%..;.B.t.....d...&7...9."[..l1.KF.......K..........uo\.Y9.'-w]...6Q..sX.l....'...R:...vE:w\sN.Zr.."..8...l-9.}.E.7.........[&.>-PVW........./i...@/./%..."...a.....A.n8q....]^Q..+e....<....D...v>...8P....X39{.....VGqW.8.2.F.....z....0.l.P.$....E..~.yM*..r.).....<i.,...".... .YH...fU.q..F...kf.q.7..8.Q..m..n. .^L...{....-............$.........1..B....-...m*...~..d...'..>..>.....rqz..c.*...$$.a.R..k..m,........n..........Dy"..=...O6.....5...VJ.?Nv.B.+......_...1..u..<..z...%.d`..g...j.u.F....x.......9.P..u....b6...ZD...K.Kw..4r....3.d.Hiy(.?Z....i...{g.\....!q......n9r.P.4.s.\*..d..J.^?aXq..I<.P.$..L?.I9...f....4.m.$4..dG.U.....c....4H.D.%C..d.V.....|.#..rK....~..7.l...:r.3O.G.Za..".28.5_...I_...ww.}..b...p.i ..'c.\l>0.{.JS.....%L.._..?.|..u...d..<.....`.%@."4..P..
                                        C:\Users\user\Desktop\GAOBCVIQIJ.docx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.847392616392206
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8F74EA5491F13AE4F98001E35D51EC01
                                        SHA1:4A97D18926876C655B1E490C10551F4055B1A450
                                        SHA-256:7DD47E8BDA04DB879872F46CCC3F6897C99A4F973CDB7344E10CA6AA1AD4284D
                                        SHA-512:0DA7E850E0E5CEAA3408868B3790C0F2A36C1E57F1B9B886A720DC4060396432CCACAB7B16EB943234D9FEFA16E8E6EF3E9073E5F79D45439CD8A28D1D9D90C8
                                        Malicious:false
                                        Preview: ....\EsgQc.[4.!....',;Ft2...)z#w..7..[t..F1N!..R...8........;..p-....t..*.........e..O.6...j.......L..".%..C........... <.5...n'.bDO[.ar...-..;(..Q..NR.U2.i...NY....pIt.dv......d...L6N..T........|.c.D..b.........>sp...t|.r5./..\D.....N.aR...."`.9..E.P.r.F$..6......%......lk.py......7p.i.........-..*..h....d........ .e2...c....I.d..A\....fj.n4h...[W..../..;X.>.*..oo.^p6W.jX;Nh..n...`.....a......~.6;t.,.M(..j78"{..s.{.V.V8............W.b...vR...."A.........A.....}..qs...]>RL..|q............$..........yt. ..}E.b..I@.........._.pz..k... ..#q..89.Z.j.IN..Dv...&`... .x..'.w.zf...i....b.......1B.g.@.....I.Fr...z[........X.........z.\"...[p.owp.Yi...b:..r.kj..Y.[..U{....P.D..~Od.I....G...y.>..d..\>.2....w$^.s........]...I;...f..a.C....&1..cZ..t..E..Y...p...)s.......V.......g2~7..k..r..Z.CH....[.Q.h..'Q.*.Uz.....D.....r.R[..H.p..$....%S...qb.f.....s.%....... *]........hT...P...f~....I^.K..&..XA.....Kv...'..@\F.%..x..)&g..Z...k=..5MY/......uG..}
                                        C:\Users\user\Desktop\GAOBCVIQIJ.xlsx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.858047663244888
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9186D0A10C62CE039B07CF1765BAF31C
                                        SHA1:191438867555292E13FAA694B255A7CE6D6B2F82
                                        SHA-256:356C7B890E1E23E35CE417DB9153A076589C95D34F4ED00C932F58C5950E9E4A
                                        SHA-512:FC3DA0629CCA20CF2701133BD72608E073C33FFCB042169B5E0DBC5B6ABDD04F5747D8D70C258DE4D0B6300C0FACAE22F6151B434A7E2C2996697084AEB803D8
                                        Malicious:true
                                        Preview: +k].....O.u%C4$.}...z.-F....7...)..9T.y..slp..T,.8l....[..f.....>7..Z..;&b....[.;...(.J ..J=.h%~D.8.".~....G`eMc.LD.<n.....)T7...#.&A...L5..H......Lv.FRw.u.g...8.....@.......D...7..NP..D|.PL7024.g1?..HL.X.8&.%.H.'...D..$.v..b.f..jy;.L2.F...r}?Ee...<....2..iS.U.O..!0.H..I_..#....8......<.-53^\.2TJ...;.Ew.| M..T0..z....R....\R..p...fo.vT.m.._Bd..K.b..8..,B...4....G.}d4.........p\3bX...;~..lE....)H......B.o..q.Z.r,K.).?7...g...*.>..6..G.X.A.2xc..~d.Yg:)YR.5..I..Ku;.v...s..}.....AU!Z./y.g..=............$..........J.u...G.#..o...q....2......>..+3../.o....W.\.E./...A.F......0..%%...Rx&".[xb..........F..M.q.l..Ht...6|..Q.^..h.sH,~...tJ.%X......)..G.R#..I<2..F...Vb;.....o\..\.w82...Y......^...h...K.`..V.ntp....n.....(..Q.....V..../.f...5Jm..UwvF.#...1..X8......e.^F..4..M.!....i..k....(.7.?......e.%..[Dg`.J.N.e+.%.7&.J.z.}O..r.S%.c............2a.n...R.g...R....9.5...q.X.......d...V.g.......xo&.Q..d.:E.=..z....2....]..X.f.uy.6...j...).s.`it`..
                                        C:\Users\user\Desktop\JDDHMPCDUJ.mp3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.89347746896656
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CF924669711F43E17964E3E49A196195
                                        SHA1:4518BF39053E620434DE4858AA1DB57C3AEF9086
                                        SHA-256:4404F4666B1EE79B37373B821E26078B5FAC028A5EAA1BA6A2F7AE9FF944DFF8
                                        SHA-512:186847466CC804A023DF4CA6D9E92D98062B311671404B580BC8BDEB306E3FB56C37416285F26A9C50B74461A65BCA3ED0E6887F8E301C069F859BEC6BA18B7D
                                        Malicious:false
                                        Preview: r..!(.".h.M...I.[...TE..i...p\p..j...S.1Z...x.t....s.k.. .L}.b.S.....O...tZ.G.........n.....yo..{...3...+y.].|.K.QiQ....YE.....2..|.g...p ........[....\..P..=.....Cg.-.A.__u.{)c2..Q.t.M.....WZ4.........L.W.......O.%...y.."...s*.%k...5.{h........?Y...?.n-....T[.o>..)~.n O48.,)....d.....=...`W..{..,{.k..h....'.......Q.*...S(.t"....$M...X.......#....c.g.)....8..?M.;...X.>..u\..z.....7.+R.<.=@L...a.:....Kv.~..2.~\^..I.!....v..;....>6$8.>R[..#..{".v.k-.V......J.z........V..(-*:sZ..i............$...........&.X.kw..b.`...m..6...Y=......../.~>.}M..7MO.M.=F.5.C...'..L.G.u..8.6.F"tr1z...nVn..@..jG.iD.3..1LB.:...2......B.. .X...?.C.e.....*#..s.A...r.N.&4...>."....0..`...j.J+......1I........ .Z....M..[...`fa..........b.,...E$mr...q^.$..x..u.-.FtL.P..lF...z~|....M..B..p|.v.B+=.>.Y5t.9....k...W.v2!..Q.u.rV.*..m........N...t...V.!'..eJ.......K$&..S...Hl...: .^..|.+.p..r.|.X.Me_.."..5.b..N.Q.....0r).U...+.N3y.V.=.#.z..._...,.S...y.G..|.&.8..2\E...Qz
                                        C:\Users\user\Desktop\PALRGUCVEH.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.867637940327274
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:547E1B0072A36F33142D881D10027452
                                        SHA1:BD9638CB534BE5FD9801885CEFFB631EE0FB52D1
                                        SHA-256:1996496547240981F8A4906DCC3088887D20EA06673BD6C754F8C6CF58D07E73
                                        SHA-512:4FABA15F5AEED1FC8ECF6D2A535C412F64AF5F5BB612449A78790876C7C36279D25DCE68C27D3DA240311BE01F668B4C6E37947AF3662AF00A9FD0BA74270303
                                        Malicious:false
                                        Preview: Ev"u^..q.%.Q....p.3.2...G....8.Hh...5b...Wx.........0u....k..O.........n.j..r.H..k.7........`.<..).....6.H.G.^\B..{...;.[.e........\.B..........o..<..[d.b.....Y...Y..~a.,8c..)..r..s..a.3U.b,.$c(4.....6...H....e!in.......8....|.u.%..C/W~...T4...3..2B=WL.n...l.c..;.)...].l.X...:.E..".uN;.V.s...E=.B....Qk..........t.#b'..ja.k.i. ...d.....[..~.v...J?q..K.$.b.....?ga..../Lr....w......mD.F..]......u...1...yw/.....h.Q.#....`D.,.-......c...<..m..W.......1...=...r.{+.I......Fz4.y/....[............$...........C......b.Y.E........9..5...9.5.P>...5.....2O.Z~.wNR@...S~...F.r....m...7z.a.iLv4.9A.*+.....1Y...S!.j.4.f=O...^.....a..F.LA..p...Cf...U.){#t.$r...e..%9.T..^U....nB*...>.5.....).Y..%].l)...sm.~..\.............^.......1.B..5.......|.l..vn..J.c.....^....g&I.y.....?A....Q.]b.....i.E...'.R~/..a.l.....Y.....WL'0B...E{t.UK...n..:d...6eL[..:..".:.........(....=....H..... ..c...:...c.m. h".lJ..].%.....;s)..HX....!P%...%&..C.6 b3.e..tv......&..4..W.
                                        C:\Users\user\Desktop\PWCCAWLGRE.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.866149353070044
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1AE9B7EF4BCE79C732F275C9539D47AE
                                        SHA1:ADB6193752AE949A0E6BA4E31461DAB52E0CBA37
                                        SHA-256:1AE1ABFFEAEEE2C247BE5538D993DE497936CB17F08428409BB893D95F8D7BC7
                                        SHA-512:6E7A8202C006A11C8D24BAEC1B4EF9250A3F54535C4FAD55662388F759B6B5F1361BB90D0F018D6E7F1B17D1172789033F38493BD3417BC4035C61803A7F8673
                                        Malicious:false
                                        Preview: ....Q.._...D.."k...5...f]......er,..p.y@4.<......*...B..n.Y........v.r.P....f.4.wHZC.Y.bo.`^.A.l:6b.d....M......T'V...c../...(b.5]bM{....A......I|$........-E.......R.0.....sj..".w\....&..Tl... W..._g..hvB)..q..u.]I._ZXo..{....B...|P|qpn..<................%..7...N..e..........f....5..{Eh....:.F.('..s.,)..A2.\@..%...../.f..)e.).....15.....id=g.O..$v^l.K.....\...*...q..J.wG.....j./.}...>..?..0.}..~.l.B..I .L..Gl.e..H..f(....j3..Ok^....&.._2ul..m#OA:l..HS.*../7/.H4B.n...y.....r....5.%}............$...........A.. .9....P..u..}}l.?..X..,....E..>...........Fv.)/.E..v...!..#hu-.Bm..U...4.[;.o4...6.E.p .....'.:..~|.x>N3....s........`...B6...{...Bh.M....&kL7.7.......JZ.u....q..}cSG..{....~.e.=..*..z...9.\].>.P.D..K.M../.j..d.C.E.0....z-o...l.RxR..$.9#Lo.....g....L.Om..Ol.-.?...b.^..."...EzF=..ZI.b)U....Ry+........*.4...0...a.[..q.E..[..4(..R.w...|q....3..R...L.ty.....y..s..GsA..x....}.9O..Nazz.7>;T)B..T..W.'....D....9p.....,..XU.7F).....B'...;
                                        C:\Users\user\Desktop\QCFWYSKMHA.docx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.859961787173474
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:162E807151D2504F3CC0DFEA0A13F71E
                                        SHA1:6C654D9C6D62C97F78DD0186AC2F1E55016EC927
                                        SHA-256:F550F11C29550743627CA27C2347D4483B091BB0260C335E5C72B9B6E9BB2039
                                        SHA-512:DB0671B020B392690B9660B4042358C82C88CB414F8E8EB9233A55CD1C394A1B6D7D0A2D15EE2893616790CE32549624ACB2624DC0FB2BBC86CB7E72380159A6
                                        Malicious:false
                                        Preview: .V.;bt.OE1y,V=.t...R,.....u>e.^I.6)]...*_@.a)q!.Y86..-%.J.Y...W./.........)Tx.q.^.6h.\.m*........4.....{...N[l CR...{.jq..a2.e.V.0.Z.}....h6..K..iE....K.{J.m.r...:G....1.EL.....^OLEP..@6............;.r.Z.k!B....d..xTW...b.,..q....M......$...A..Z.t...zo..vS.O...&.......~+.{M...N$R.C.#..m........Q..%Kw..y.....J.=0..Q.D.R...:...../K.....z.t,.....^\.........2..O.yR.3.c.+.......*..0..jX^.Z4.M..S.v...\..v.....7.S.w+:.I..X.Ia. .....+<.F...h.........%..L>kL7hT..;0..O.o1.N..~|...zI..U..P.N.............$..........+.U..7Tjv.._=v.R.......`u.4... .0...U.1..?......</...s 1........x.,(.V.....b...H...f.-ld..k......4s.a.../bh.P6N.}v..`..sM.....*...tHk..#.i..e>.A*...?....d.n....A[T$1..T.....v.1....*.i@.....~..s.<.59o.P..^n....OB#4....O|u.~..t..L.@.)..A....C.:....!...u...d.;1P*...Z[....v.... O........gn.!ZK...>..:..I6......Vv..].~.1:7....n...(.5."_.o.....G..F..M4"..no..f.....(@..}-8C?..c.g...KE.1.....X..c...(...[.n....y.!...|.{+...^!.S..'.....z<N.12.
                                        C:\Users\user\Desktop\QCFWYSKMHA.jpg
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.85744933184112
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:42937311CBDBA706E0167C688FA5E5F8
                                        SHA1:71673784AF5FDC6E28B32715DC1BB9BB88C5DE31
                                        SHA-256:3F5EECC88078979B04C98045B4690D499577BA31588BA9D2B0F26EBA4BAB49EA
                                        SHA-512:518E2D3A37D1FBFB351F08B33154AC415AEA9EDF8C3267A9AEDCF7FD80059C02B5AC39F8BBF3A0CD1BD12E55F87C852869EAF7466FB4861CF0BC46371185B73D
                                        Malicious:true
                                        Preview: .].....~..@.pN.F.i...7.........kR.z8.. .....w.$O...SPB.]........j+.O..P..L ..S......."e?!W....._M...J.8..30=m..g"}4..|..>...8...Pu.jP..nq_.....C..w.....',%.E.....+.9..4..rb...7..).Ss.].6.y..jOc.Ea..|...I.[..5.%:......G.bs._&b..m.....Y..="#+.ngn..M'.RO4TA. mc..%.w....$...F.j.;....o.z...Gg..kF.gO..l... .P.$;.....D.._.L......2;.L.Z...E..CX...*.L_P*....e.....G...X...3..)M.L.1.. .......E'I....`...0.D..}?L@..x....t.....1.....v.j....@Mt.t....n...G..l.!L...B!...W.:.S....x\^.p..tL.W..9..k............$...........1..o...'Sd...~!7.7?GR..`.X5...3.S.Q=%...E$.9o.....o2.....X.O..%..)..F..*m.K.~.z...p....4:..T...a.I.....o1L...u..T.L]W}5.H...+..Q.(1 .h].H..A.[..O......n'..m+:..{~.....q.........(..ouAgm(]..%B.....YI.M5./..R...s..w...%8S...M.W...s...G..M"z.I....|,O..y...m-.b.O$A+j.f.N}D ..1./1xuy.T.>.....@Z.'.+....t..r}...n....._......*"...4.3.>8...B.&..x.h...EH....wt.mD..j......{..L.....&.d.:adyR..bw............?.LB........n..p.X0..a(..jRK.tA.....W.^..QB....
                                        C:\Users\user\Desktop\QCFWYSKMHA.xlsx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.868372902321549
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3195244344B15316F8AD07C044B32680
                                        SHA1:28F21FF6281D7F816067071A274900B0A4585302
                                        SHA-256:78E311AAAAAF91204707D8DCC1D25EBFACC5D6915CFDBF857716BF3618BD5931
                                        SHA-512:A8FC2171D6FD42727C590ED289FF6E06631F710BC2DB079D5872361F30318656CAC8FEBD8BBBE58619F8AF9B06E3A5F7BE4E5A963E6FEDCE96AE498C9E109097
                                        Malicious:false
                                        Preview: &....>v...,............<. .........7..\.:M..&...;.........a..?q.vp....|P...`..@!.V.AI(...._.OO.qM.-...L.!.....I.7..3...C.f.G..3u0..I...e..@.O...6y!!5;.8.F....I.%.x.+..R`..@........sK.\...b...zS.1+.'*...@n.z:.ZXK..Nt.lZI...p.kk'..(vT..m..jV..X5....D.#..[6M...9..O.V....K......[oRG_:et...c96.&.V.{.|.\6.f..[..-...H.vx..{x..u.\.p..@z.Gn8.p..)g.{J[.<.mZ".>..~MXs...Do.].[n..4..pd/....].o..12...=..a:.......BT>o..,.S.`][.w.h....B.H.`./.$.......}...N.C..{.L....V...........O8.\..2Ii#.X.D............$............[.%b......pY.|...o.:..-.aw..vH4.E..M..Qz......^;.U.......u.?..{!....d..H.*...{@((.%..E.Z..@H..,...Jb..5..9Icp..S..D.e....k.rC}.{._{..0MQ...2l.....*.....P.ZL..5.y...0..:.@)\s$qU.A<.o.....H..Gt...P"...b...y....@..Z.:Y>...=P9...de..>....X....q..J..mo.7....}.....y....M..q.....U.f.hT.Y.....9+:......~t_&3.....D.. 0....UI.g.E...2..P.5......r....a.i......X1.C.\..8C[...q..N..<...<...,..w...&..jY.6.>...)x"..l.1..q.......".=.O. ...N.&.[w
                                        C:\Users\user\Desktop\QNCYCDFIJJ.docx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.846888110671626
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F05C0C4F1165ECA2ECE157253BFEF157
                                        SHA1:2A3DC202CBD6BBCEC8DA17D91D0024B115A28422
                                        SHA-256:23956AB826CDEABC4E76551714B8B82324AB453EBF486EDFF8D2932D9FB69999
                                        SHA-512:CFD9D8F8065F4F636AF28E4B458ED1A17BE50AD4DC7EC901039B8925C5E8965D9904EF8C87A4D5CF69AD53CA0AC1E99AF68CE566DF0FACB710BEE124C89782FA
                                        Malicious:false
                                        Preview: .a:.O._...`...<...-..\..5W.^.5.....u..z&j.l'2.v.....o.\.R9.u..........L.v..H..w......O.....72.....vi...4......_M...{.h.*v..r]..F.*z:..&.~..`.w.%..NP.=_.d.,...|.2.......B...E..}evS....3.S$.V..0.;..&).O.y.zb...R....Z.\R.`$.).o.:.13J..?...b.'...>`..8..mEq4.....e..\8!.. .6#.c5.. .jA ....%..S.\....e....l...{F.X>..&..i.=.Kl..oL.b.....x....%......9H@.....z`..#".K.*N...J.V..&..5......Qt........W....3.Fb..@y.!..>;.O.s.......3..b .{...>.......,.*.I(.hh..l{.f..V.....x..q....M..z.b...2............$.........Vk..............".P7......Fmm.y....D..|..Y.|..ct;c..............Y.Z..j&.&.;Y6.Ve......;..k.LH>....I.4....s..@..%..Q.......Z.D.1..8t...C...%8#.I......hb.,....*..keU.4.(.T...t..c1...^\.M.F..l..T.O.......PB1P.......1W..;..1....8=<A..ji.....goH...1....VM@;...V?....R....SH.$uPh(V....\..+.f7P....b...../`.s<H.%..C..J..0.~....1...i#.~p.....-....~.U.RlC."....%.....B.Y...wb2+..n.$oL.(..3.H.Km...Gc..vbG&..?L..5......K.T$.rM!X..'....}=/+..g...
                                        C:\Users\user\Desktop\QNCYCDFIJJ.pdf
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:PGP\011Secret Sub-key -
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.877112396107258
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D0E47A769B7130A9CAC4970EF6517A1E
                                        SHA1:34953EE0B0A273B6AE125CA914A5BAA3F4AD73A0
                                        SHA-256:15C12CED1E1DBBA356A7E450EA1C339B98B506784ED5C5A5049B0FC424D653E9
                                        SHA-512:C2F18944F2B9B8D11A125C9642C782228417D33A71981BEDD11B231F09AE0F6A64D4DB71ED48B99A86138B30CD03A69C2699381A9E08890FFFDDD128ECF96242
                                        Malicious:true
                                        Preview: ..r.pu.........W./....._.%...Xk.?.7Q|".3.'......>..g.0+q....d..%{X.......-P.]k..5;...t.L..4p.%.c0..&kP...m....j...2.....M....%......D..:....(k..)}..3...mL.@....nq...k<.......b..9s_..;......8.q. ..x....|~|.........lB{E4.r.7....@..A#..E.+q.9..."-...c.*..}\...@gr.4..U#...y].%.K...3....e..t..|..~.v..5...F7@H.M.-w.|..c.F....c.@.HnUNg>#....inf..uU4.....t..+......F...=....7..N3k.L_..;.P`.F,.+}.b...'..._.;....]c.$.]`..8Q.|:.C^5..hoVgm^z....+w..s+.....v..J(..t......p..K.J^.gb,m.Q...E./;*K............$.........lp|Ia.;-....t.....H1..>..I..v'`h.lFV.,J............/.@.='.Wz...[2..T../1.>..........K...p.8.V...N.H.w..[...3.......A.s..5......b....4.x.J....E..jGi...S.0.q..w.s.._-.6......T+..E..6.%.p..U..._.......2]K(......9o..zY.M...U.x..[-.i....c|.TY....>wc.]..C.`ZT\..w_..............9.e..5@._.Z.....v.b-..G.'..&.8...{Z.....H?.#.)....]..:.wa....?........}.dL..}]..t..%..w.'~...<!..yes..\.q.%..f_oI`.g.y+.....$ .....l..Y.....k.:..".B.w}.i..M1.....-H..f~R
                                        C:\Users\user\Desktop\SQSJKEBWDT.pdf
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.85820665887271
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4AA24C99F8173D6216280A9E6AAB344C
                                        SHA1:29ADD09C7264DC2BA48935D8E5B738E155272F83
                                        SHA-256:12F33F65D5DB18BC6D32C80B3204EA6DDB5C1A47CA7DD4E03172B226B82740BC
                                        SHA-512:4BBE27E094FB11F4ED420888C0EEBC89EC929D5FFBC29F3F9B7AE82348AE20A5F2111DFCF6C8DFA0847390AFF703B0327CAB99302B4A4FD2F118C609AEEF45D5
                                        Malicious:false
                                        Preview: ..$.F....]R...|6.{0....UK....o.tZ.?.`...k....Qss.~9.=..()..HU.....*.fs.#....Np..1L.1&...It..FhR|......F.M.9.....b.=......$0T..\..M.r..0.3..4.....6.....v..A.....).q)....7...Do.(.H.N....7@1....$.!.\..7C...&..c......&.>....u~.`iC....h.....:+.......(X]....l..*&CDQ.W. ...J..b._S.....i.u."\.......t...+.....d..,.:B3[....r...p.B/.P3....._._k..}W......Ox{..........D....f~..Oi:V.b..@.lC*.Yhe|.'..?.5.G...-..~...W..J:..f.._.m...0....ep.....?...L........t.O...#...a.x..c\..........}.&p.n.wN..............$...........%.&y..4. ..o.....dd...B~A._.R...e....l.(~T3..$J..@S.".......>.._f....-...t1.^n.?......w...tCut....2....1..v...u.d.[.=/p;A=M..O..r.p.$...>..3..H(lS_...._..`..h.@....(.p.......r.....n....\..l.;9.qVk...9..&.....4..h.ou+..[..>...z..5QS.$1.>...}".Kr....^..8.<..*... ..JN.......pa.xh.....A...^q...iA7.....p..0..=)XS.A..B..].....ly..wF...<..tte...D....w....].`s..3.8u..Y%.V.Jj.\..u._K........^...tB&.Px.....m .!u....u...-K..[=..M.....{tnc.%O.=v?W.
                                        C:\Users\user\Desktop\SUAVTZKNFL.mp3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.865062674139967
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:DDF345164192ED86E17537BD327EE9AF
                                        SHA1:69E670755E5205624185AE0206D1C942F03E32DC
                                        SHA-256:35670276057AADF526ECD70CC73D35CEBAE402DA7ED11A1C27450B186F15853B
                                        SHA-512:C8A336EBB81EA8889CE8555EA8348F8F2D3B0E970CDB4B06C083FACFC484786C0FC1E35EA3604E03BF94D12854D52D72A9278CC984ED7378E25A105F98625FFA
                                        Malicious:false
                                        Preview: ...1Od.+.]d....i.:...|@s./o#.Hn......s.._....y.yQ..@lQ.\s..=...(.@..6.P...l:.....x.a..X."..o.e@....F.e.J.?.C..;.".s..qs...Mt.;Z.\.....J6..E....C0.R......%......s3...0......Yz.L^MM..(... L.........N......$..T..F.FS..%&:.u..E@.~.^.....~..].{n...!.7.N%.G..=..:....I..tL..M...t...'...4..........8.....d.*_.`..|.<q.....7..n.6\.....}.&....#2..O....$..,.&H.2.3..%.{...k(.z8SV...Af.......W.5D....@....j..o.a.4.gE.c..ZW....{.<=B[N..[.y...[....N.t............e..dp.;t.V..$...yU.DP.u..>.O9N...*%.....Iq............$.........-......ues.....O._.I..f..Wz...=A..rJNYuM..w.^..^0HGb....}..^4..1..}..w.Ob..G.OR..t.d(8..a.p.\.J.Q+>....&.T.N%f.qh...v@@.B.X../x..X.A.s@D....Q...1.C.5.....`{A....e......l...%...^.6......1.....U%.y.^:..w.....UWu.{..Z...dEp.L.. ..q(.......)=h;..~.x.).Ct...\....y.r....hf\CY......H.n.....o..A....5.....q.......5.uw._.L)g..hX|.......<JO.V.LWyJb.K6Yv3..ZU....7..8..,......}=....gFw.@.E...P6...1zJ....Y..Z.cN.3...}..?.-..K.CHB.....A*X\..;..Y5...
                                        C:\Users\user\Desktop\SUAVTZKNFL.pdf
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.86837560772067
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D3D9ACF723166D09CFC760C13A0F5908
                                        SHA1:57C4E96B8877175F593733CDA75A67ADCF2D639B
                                        SHA-256:D6D752C8147795C32096AE9E6F923C8195B914615AF39691BB0548F9178E85F6
                                        SHA-512:1C30ADE722D1A8D6F01C62F3F56DF8A611F424EE85086CF2297B64775EDE2F2BE1045CD6A202DF0B99DD1BB2963BC5283C75332509FE351723B231AFFC777020
                                        Malicious:false
                                        Preview: ..nQ{..qV.....~..e...a.)g.]q.......@N...`.....O..-...}... .!.....%>..q...N.P\.wTUZl.Hn...b.9..E..W......o.b)..&.C....t..6.@!..m...U.........7`.._.Lcp7:b@togd.k_QMJ3..p...,.....K).8.#...J.f..L..{.zxF..,rN.X..;.4Yc3O.W0.<.qE.DQ.;.]!.....CyW...3c.-.....Nw.$.O...g..f.....,.{..4epqo...iI ..9L.&x..M_....V.X..e....),9.....Z+....=..8.......'td.!g...C....ZQ.f..8......o..[...+\...|.#..RC....5.w>+3...<e}g.p...Q...T.L.*k.nf.A...r......j.c.!.Y+....50...j#z.q..o(...^.7.h.e^.......z.P.z.^...../.F..U&............$...........1....?....{.l.d.bt8..].{.~z..W.....Y..7.FK......d9.v....O!........k..........N:u..WX...D.{.KLbLO.c%......|.3...T.L.C.E.x..p..*...0!..|..0.....nC .....3(."J%I....D...,.X1O.g.....#s.....>..P\....]].../7....20{...k<.-.7g...........k{.b....\...&...9.`g._.r..t2..m.k~.J...H;.T..U...%..d.\Fd.(T.0b.Q.....y=.A7Fmtl.[........c.0..@~t._..T;.\.....}....l.=0...-)&..b%,....1...K.......%z6.hkm..9.<...v.6..._.....Gx/.p..k....a...u...1.......#...%..R......Q
                                        C:\Users\user\Desktop\SUAVTZKNFL.xlsx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.869820849943772
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4699A767490BB636C31B7F9D6AC42819
                                        SHA1:DE3E6912E8EC450518785D2211AED739987C7BC9
                                        SHA-256:B220483E35397F062FA01C9E8ADB35C2B3FFF9FD387D111A7B42F2B87DCB593C
                                        SHA-512:B7733CA113D0956C29FBC160AB9F32C1177BC2EE3C25DC2FC1458EEA63E4B3F48DA175A653D08D20C514871D125DBB421911892073987C6E91B81002D606B3D5
                                        Malicious:false
                                        Preview: ...R.......d...U...&F.BQ.a.o:.=...j=.........C.B..1..t./.Ic..p.O.SI.c.-&.G2.@...(S}oXY d.=.L..:.....F.>..2...(.v...^.i'i.BItd.W^a.'s+..)~...&.>.j.sD..[.H..........`....x...@.......E..+E.;.....S.+~.I)..m..k....iq..>.....dq".2Q.....2.#.Amj:...3......>[G....I..E.:.D2.....H..+..t:.&q.=.wo.P..w$.7......,.A.@.S.z..3V...$Vp*J.s5.g........D[...?...K.....k.($/VL...H|.......r.7.Z.5..QG.@..(.X...D._..>..Z.....?O..!.^s'...).GU.K.k[.}..5WF.7.Qf.Y.j.._jjO._.^..,.Z.f%.ga..\`~..ZL.......q......R.U#............$..........p.-6..D..o...&].. .T..F..V..Ht....7..k..6...!....D......../..T. A.6..}....x8......I?.B..:.4.#..W@T.%._..P......p..OP^.....7.....).....l..NX@.5K.R.e.>.@.A5!.....4S[{z........>.E.R.Sj..0..B_3.o.?x..T.....2..?~.kq.y..Z.j....$S....sH.Z...^>.. uI..z.........im.....`.c.^@...!...J.1..e.....F....."....:..2...5.....x!.&/gk."...5.3....e...O..A}.....t. P...~y...|1..I`./i4.Tr.R.a.R....:0..,..=D6...Kq..*....J......F!n...Rzg.~I"v...q*....7'.l.8.Q........
                                        C:\Users\user\Desktop\ZGGKNSUKOP.mp3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.859098917890442
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A8729405FE66B99E36B2F1E07623EB8E
                                        SHA1:7231885F64DBAF48877DB6573F0CCE09D5289E14
                                        SHA-256:87F7C9B2C5A2BE62F241DDF127424E7F624D436EF63FBA185B55B30ABF80D0F4
                                        SHA-512:14AC605C99880E9DF8108978FF7B79B5D037555CBF973DDE08132BDC56B3425C461FBB5548BEB04A4CA431EA226ED3AC1AD3463BFA222352CF4AAB9EF5AE52D8
                                        Malicious:false
                                        Preview: ..XI...jx".1.....{.)<.!...6j.4-.,.[...6.....F.O.\.6.de......K\.H.k.....F!-... .`......+y......7....J..J/%.M....NF.t.V....b... .U...y.(=.4....7S.....F.?1ux .I.4..MW..).pLJ..E..<`...7......\.....H.^.>...dM......?).t1....|..k=...9....E.^Or.w0j......(H.. .V..p6=...*.[...:..(..S1.5.........p<3)....\U..."l....,G..o.....k....O4.....5..B.@.*:,...`./b......3t|..$.Z.Hl...IK. j..f1.F.K).7<..Y.....gC..Nk...%.J].s .?u....^r)..qnsk.._....L.O....qb./.i....@..n.@k9...@r.}...B.h%.V.bcB.=.....7Y....g..............$.........&$....m1..w.Mj.Q...!.T.g1.,2y.6\V.E....8!.lI..E..P..:..5...S...<)...O.s..%....|+....e.<(0wd,..-..Fm... ?... '"..p......P.WIU..1n[.Es.`}WEA.v.XP.$.".m...k...N.7.,.J.J....eI..,B...WR.\"qit.\.q..t...Y.......\.3.e.7a~.N."<.)|.H.....4E~.B..*..."...4.6P.L.=.F`...M...9.v...Fc.I.$.Xi..8.Vd..Ty.Foa..=...^....@.;......NE.]#M.Q...t..D.'.........L. .Q.y....[..u.x.9.-......V.h..\0....,..i..4E .07....e.i...z?..`...._9...kL$+'.S8.4RQw./.....F.w......V.(i...
                                        C:\Users\user\Desktop\ZQIXMVQGAH.docx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.859954284393041
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:FE3919A3254560BEF682D82A4343B4FF
                                        SHA1:452E7E09892596BACD04918DEB8987606B2C0B55
                                        SHA-256:3517033F0B19A4FD02F6C9D04247B47310AEC1DECE946929EA67DD07C6E573D3
                                        SHA-512:8E420E10437AC92B8E4A75DFD430E58D04C4DBE1612D2D0F04E82FFBACC6A7B9597B555F51D7D34F47B08E1BDBF7F74A8A9F0E14EF8E3D44F8281FA8E069A0EB
                                        Malicious:false
                                        Preview: .u....3..g]Mu.;..u]*..b..XK.Eg.eR..BU..Y.XQ..u..4.....t._H.....y..U._...656.[It...7=..Qfk...c..s.%.=.......`.?..E..c..=P..&....eF.80.{W;.=.j.x].+b............"..%k,A.:b.9......@..`..GH...zh!NC.V.H.. .c.qm.....Sp..,(_.....Hpy...PT.....x.=n2.....`,....Y..*...jwU($f.i..S>...b;...Bu..Vw8,.......w...4$n.&....7....;..).S.k.P...1.^....]O....,{..9.>@%..+. AO...;i.a..%...../....Q......:..\.....wl.N.Y.F..G9.....a.FYe..^zP..8Ki....I......'..v.06..4ls+Hn..73A...?....e.u#..A..)....i.V1....5..............$..........>.....T<..I0.{LQ.6m...~}.\.....c.J...i./T#...m.s......36..^..GH."............Z....m..5..8....5\.#.z.1f..P .p...n.#M.D%.s2..f\X..=.^...}Y.5WO..{*...^..h.0l..W.|...b. A+..^I..!...U...h.v.e..=U<.nV#....b...w.Q.O..>.l..P....=.f.m..J!.K....Bk.,.k.r..p.ij.q.:W?..X..k;.t....<TR....O..lD..t... .....d.I..f@{bl...*/+.$...._At...}"....P.....!.sS.M..l...-.../...6L]..p2.....g.''...c.|<....*.]..[Ie&CaD.p5Z.....=.*..K.}..%I.[.....Um..5BG..C..c6.{..8.....
                                        C:\Users\user\Desktop\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):816
                                        Entropy (8bit):7.723727221878511
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CD36253AB00718DE6C3BF5CEB65DA914
                                        SHA1:C7452749ACDC88F83F4746EA7DC354B623AA6159
                                        SHA-256:C057DAFA9B7E48F27E22683C20A35D9FBBD20CCC25DD0599B755289CF9A4D08F
                                        SHA-512:5F00D3D13A820B4F7F20F50245A1B27717ED382F518824308E74E1F471A6D79E3B2BED18B9D79781226425982471D2AE088AD944F3DB77E81E75AEE23388D11D
                                        Malicious:false
                                        Preview: ..1.].s...o1.L.0Y....U..qE..r<...Q.;.....4....d.J.N...S1J.d.I...;....%Yp0..uU.4LW.9mq~[ud......v.d,...>'.k%..G/{.+..6.6.S...tf... MMb......4....e.x.;....D........p...B.%.R..F..;.EO.m...jF.j.... ..;...^....n......1.....{.^.%C.[*...o8J5..j..Q...m.p.b.....S......o.#&*...D.....~u_..C......<C....D.`...V.P.y...X.........h...HP......My5....I./.vi...GT..I.,ws.{.4.n.....i..qY%.TL.1..e7.*W..(%.'.F.9.T....J.4y.8....p....!.Dl..?4E....I.i.R....M.P-.i..2VM+hr.j..dx..K....|..5...Uy......$^T...+.4.............$...........v^k....c..}WeyJ.|..3?;.~..u.0.lG`.k...t...Sk.N#Lh..9=1.U......#...z.[..$.z..M..u.{.V>z]....m.........._...w.F..R..?..,M.. k..C....?.....+D$.L...*..g..`<.n.......{....3.T..../...!..r..m./.u...C..Pa?...].@.K|\..}=..e.....*L.....0...Ce...7u9......;.B.R......A...%X.~.t.._
                                        C:\Users\user\Desktop\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\Documents\BNAGMGSPLO.jpg
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.863097549401651
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F6BA08D8D50C3DECD01C8A9219F4D984
                                        SHA1:16A9B1C454158F85FD5333D797A0834407188246
                                        SHA-256:DC3FD2C1EF7E81B8F78E0A44F8C59C605DA8554FD01B840BA71B231DC0497D88
                                        SHA-512:2DF36ADEC3610C49ECF07E55B5C49850BC1403C9CDB57F45C61178D2A34CD6D710E341E76D860726E6D5215FC56BF2DA16E964DEF2A9FF8B4A3FCBCB0DF9C60A
                                        Malicious:false
                                        Preview: .).sMf/Z~=...z.}..k-$.....H..eu.f.i.4.a.l k.q.*..azjWB...DqP..(L.qD4....%.l..n.r...F.........../..a.I.Lk.jV....n.._}.e..1\.0%...a..1..c......*]......S$..RO#......#.8..b..........SaA...l.*..K..'......Q^.T@#Bk,.a..........x.[...D:.&.p.f...tAGL..;..N$...a.....].8.2..<....U.v...8.+Yh\...\...=..]/..%........;..d..!...).qV.+....%...%.K......B/5.......&..._.3..z....J.*.Cu].......W.......CE...Nue...h.H.MD..}k.........;a..(..?:4.(s..8a..m..........a1T..... .F..$...Z.....&h.z:.=.S..,fIW....`h/............$.............1i..go./...,.D.}.:>...J ..?_3..6...S...V.u.O...t1...Y....I2:'.[..$.......]1x-.3R_..(.......q.3.kJ).....d.e<....8`g.n...^Kj..6...ZIr.g.Ff.K,.~.d._...3.,a........(... ....@E...Z.3........h..F..Rl.:1.V..c.+......G...z7...Z..sXAh....fs..5........M...z....-Y2..hmR.<K$Lz....t....?.hG...<.T........@a..50.~..}e0....{..]K.....M..=V.3.C.c.....[.m.......6..t..0..;....2pO<..s....{t..#mU.j......L..1.6aN3.:..O.....Mc..r{..Q"............P"!...
                                        C:\Users\user\Documents\BNAGMGSPLO.xlsx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.863133358682078
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:82940B45F924631A89A5CC032A4F12CC
                                        SHA1:96FA9D33CE182E46D5956FD738335C1FF934D247
                                        SHA-256:8DD1475626FED2F6E50556F9DF64A35DD3FD48460C1B574542E858DA9670BEDF
                                        SHA-512:FBED6E63580AE88550C6C0825E061CB82D6BF4AA70C536BD3A1469BE9DBC696E6476CA601B0E7A9A1CD9CFE0F8E687E353BC08CAB03A27E5084E8F1505054262
                                        Malicious:false
                                        Preview: ..I.V....Z...Q.A..j.:f..Jl..q+6. oN..Z...t.bP...S.NY.]:jN$.@d.&..j...."!!,y0Kk..........d.,.t.A8.".YM}.5._..|TV.F].&.2....g...L..A.-^..p.93\..g...cq..w{......./.[.Ry.........t..3~.kn..S.e.>Rq..!........k.]F..))...^...g..We=..:....(.../.z..(.%k=....7\.<.B....*w...h...G.nn..waR.t...i......,..o.. %KM...>m7K..#....L....A.\%T..@"f5.7d.x..Bv....I,..(..Pz.d..........8.....1W...U.]....(k.Ag..T..x%XN..p......"Rb..N...9..s.'.T.h.I....Z..t....'/.....O...'..D...\...*..u.).....U.|....&$T............$.........#9...]$..O.:.0....A.;..I....K?%..p...... ....Y}..*'YP .#]....%...Q$3.r.F_)&9=.U..e..g...Y.......Q....7.....5.KLH...<G'..|_Z|.....8......8.p*.......6...R.yD.,.I.....g..Dlc.k.Y.Os..*...|_.../..l3%.})../......{`...L...Q....0j....R........ocX...tn.....@..k.P@....._.........D...)...&.^..V...Bi.6.<..f.6%..w.4D!;.........*.>=...a. .O..F.b..!..[t...P.U.6..0.ss..w.M..:>.g.spn...Ic....z.DPq.Z..B'.$....|.."?..9....F&.A.#.`.=..u.i..5.OGi.. ..
                                        C:\Users\user\Documents\DUUDTUBZFW.jpg
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.864809542306378
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CCA6561B17C180CE5E0CA526459D6CB6
                                        SHA1:7579201D1950CDD75A4BC6D1748B95FA9CF760E0
                                        SHA-256:EFD40A0937A472F3EFE5BD8F2FA4783403AAE1CE18AF5D966BAC759B6F8FD56B
                                        SHA-512:07C8C5AFF6D0B114A08E61DCB37728A31F9FFA36FF98BFEC9581DBD944EE5598A6BBB0B84B3F2314D1169ACC2CD8C43DDCC462F14A68DBC167A0A64E14BD5638
                                        Malicious:false
                                        Preview: ....3.2.|...(wC.!^...>.0.g..A.D..B.2.)....\.X.o....#.+..r..xJ...J..~..q.^...........;...H.K.....0.[.]./_..'...L.E..Z+..l.J.2'.dU...<<.}I....$........o..B./.klN..'v'a.\..=.w<A.'~....._1...B{...@6n.{..[E|...n..{..Y..e.......%...Cj...9s....?H........;e.+.3.0TK.pY....L.<G.Z......].4..=_.v.....O....,3.p.............k".3l0x...hul._kC."}.=....Z+..CR...WkG.h.>..O...n...J..|+..k.0\.r..K......'*.%DB.T..b.ppX.?.H....f.c...\.'1.....QR..D~.....v{P.../=.cE..a....t....a.~.......................$...........<HZ....XR.m....SQ.~..a..u;G>.C..Y.E..kJ..`.....6..R.b...x`...,.-%Bq.._..s.......d.....%3#'g.dJ.r..t..IC.6.w.GIbA.6.OM.h...Y......i.b.Nx.7...`Hq....|qy.k...e.D\k.A.(.K.J....".........*g...I..d...@.Y&..../o.$M.$<...!.UE;a.....K!.._...y.a.s..(....m..76~..M.>W.O...-..+%..=.sA.=.....&....G.(..S.C.......4.L..!........Gs.....X.........R`..U^.hs.+&.-..t....<...A$.......J%..V.t...b&..e.7.&Vx.p.^.TD..Gjl...5d.#C.....yDy.....i...8.Z%..I.IH.\..V......
                                        C:\Users\user\Documents\EEGWXUHVUG.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.845779381271772
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B1CF4A7F41FFA2CBDA6D3A20D8A8BC49
                                        SHA1:16E9FDDB77FB10C89F78724D3A7B3CECAB5D0BE4
                                        SHA-256:B2ABEA33F7ABC9C9225C6104F3D72209253E2CA452EE9CABB3A445925F9853C8
                                        SHA-512:89914E5793830AB5F4C089BB743A87DD892D97E5048A9352DFCD79CDA804467FABEEFEBF3786E88B7681FF3337654D429DCC46F6B01C99BACCC3A484140A6A51
                                        Malicious:false
                                        Preview: .;.....>..8.}8...:....6|J%...w....O._W.ZE}.AQ.{^...-fy...^vn.@.....d........,.N.o..t;4.X.2..,..5...'.Y..pn.O..2a"...(..$....._=....-...X....p..8...._I2.......J-..;8$.#...C.1d.....c...b..0.dL..K.d._.b_........)........L*.d.j.e.av.N......%...z4Z<...]W...<?G@.2`J.....o...#...`...=Q...*;/.p.ZW.[=.>L..]........E..G...!.6`$8...3^|......}.x%....T...t.%..{#.p&}.ta_..x.$.......g.jr.Nbo.........2s./UWL....5L...(......Zv.a..46......"......$....K..........\/.....{...s!..`..E.[.W....#.0..M.=............$............|....3%.....}.j..$T_O..aNN"....n.R.d.6..t.....&.....0.2p.]=.vZ.V......Q..*..,.:Y...]..1..O.w{U.<+j......hs...........W....2j......Rf. ....1..>w.1.......R..........0.'D.....R....E....\?I.2.&[#.R......r.U.o..:....5C.U...>.2..........v!......R..].2&.........h.Y>...;.xI.....Ni.6... 9..3..1..B...j...........J.cR.L.t..+z...v...b/R.N.uQ...)".W.E..5...".|.{...Wx.......F.U[OE....8|...E#..,.....kd.X....../.QY..)......[......L.S........vS./..
                                        C:\Users\user\Documents\EFOYFBOLXA.jpg
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.84607559689024
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:13E4A2DB045E5157607C10FA2F305A78
                                        SHA1:DFA1EC49BC78628B66BFF09A2F6BA48BC5E651EF
                                        SHA-256:158933C148AB6D6FE82FD8779C7FD0F770C1558B40CCCBB17B0894B536A6AE1A
                                        SHA-512:C39A3BC889994DDC7B209804815CC649CEFE4CF5C3A0A528D0794B1972A617A57D1FA811DA90B71C63DC36E5C24B92D219B693A8BADA2EAEAD22E3D8BFB85011
                                        Malicious:false
                                        Preview: .Ia7..6.E....`,.!.gR....%...<.;....g...C..........}....0Y...=X..w..YY.=...n.4@.C7$R.f8h..........x.o....y.J`.T.=........=...`fAs.A.:...6.KL..`y..Nx.o.i..........s...9.........,........{.Z..$.. .D....f.b..U4..9.O.N.%.......Z...;......w....#.fx..Y..W< .LA{..1....`.|>..y..}.z.cc_.i...y..m.Rr/-kN..j4..LY.m..;.l#.BH..hkA*.'z.X..0._....=9....A.k..If......[...j8h.:...o@.2>..1y..J..*Z.....}@{I ........~./m....r...:.Le.{*..R,....y...]~2.*..1...1].>t.g;..#.ZV..........Q...o.1.;.r.CHdPK..}..4............$..........^.f..rc......A.j.77}U....T./.o9#.FVj(.T..ih.!.....]..0.i.@...;Y._p....D...............B...M..[..]4....Xp.T..P...4F...ua.kb.....)...t.e01.3.....a.j$.u...d.@..|.:.....y..m..{)....; .+.........:a...d.......8....G.8..<~..L4..0..PZ;.g D.J`.D.h^a..m..............*]M..z0.....yk...;r...S.A..of.11.v.k.;.>BH....y..<..Z.{...?S.5..8f,..Q....T.H..4G...&o.Yrv..Y:..&.RM8._7......$..*.yf~.~K.Q..j.~..s..8.<>.>i.ON.P'B.B.}.OD....|...A.\...`..y..-..@z...B.!...{
                                        C:\Users\user\Documents\EFOYFBOLXA.mp3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.852787983212724
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3E059C28F1EE3C2E6A5EA187BEF563F2
                                        SHA1:BAC9C4D72928F70121539FEE2D26269A5806DDE2
                                        SHA-256:262822FB0FC200F58D3B83A424E3E3712E28FBD29164577BD9DE7304D1506878
                                        SHA-512:40411DD550207FA3120C9FDD20A267E225D8C85F1FA8DB5B5DD64E758371B3C2308A5CF3BE8C180FB4991878D867081247E6E1C744FB3574907D4BA2C1F89DF9
                                        Malicious:false
                                        Preview: ...t....m:....k.#..vDoZ.....9.v....*!.f....xl..O..V.=.....`..e.......w.E}.. (..S*,`....NL..H..x.i.#B..8.)'o."....^F....O$.d..2.Wcg56......B5.w.AgsN..S@..f.|......u....Y_....X....5j......."...)u....J.o.O.....g.3..w.8.5...p...6b..:.K>..@.*.i.T...e.....@*.7...g......v....@..,...K..4[....B..!.7..3.8AG.i-.....W#./AqbJ...,sE..{.....<*Qj...l....Q.!.7...).G../hID...A..U|^4."C.V{C..?...P.U..;b...4....N.H..g...%..:...#e...c)H...g..>....d.-]B.../D..a...#...{..T~...S.{x+(..Dl..Y../..xv.V............$..........U=...0...}$...p..9.IqW.i.K....RW......UHZ.v.5..dj....nhY.E.....5.....Q.....U..L..F.CK..4f...OO....S.qz.3..3}.c.z3....^.J..wb9.D=.V.n..2z......o&pT..8g..*.n...L.....1...w....d...4...S....D..C..C.F....,.\(..B6..}b...D...L.......y....BWS..z`.......o..2.C......^..hE...j..h.~.'.T..$-....jygIc.".!Ey.n...G...f...)...u.#....0....2S].?..........'9.......pi.5.z.....?.G!...{{.'.Xh#X..d..^........v.H.c..R/.ZB...k....JU..>....!..-."@>.r,.@...
                                        C:\Users\user\Documents\EFOYFBOLXA.pdf
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.861240871031053
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5B6B5462987589608360EBD6E53790EF
                                        SHA1:0C86E5A030E31FFF7EEAFDC1D22B7CE1AACCC3DF
                                        SHA-256:3FCF4AA7921E1E1FF9C182FCA369C93542535FF33A33EEA5F1A9C26466E4E060
                                        SHA-512:C8A2F8B578AFACDDC9DCAB9FFEB52F3DCB3B068D842AFEBCCB4117BC723734693E86844C8595E6271F72CF1155C2EBA81EFF9FB04190B631A224923251E0F58B
                                        Malicious:false
                                        Preview: .r.....7.3.s.U<..m..!ZG.w...r.S....e[.Fs..a..fI9&;9..q.....=..`.oB..>;^..R`."....^.....3v........W/h..l...i.j_>.7N_.Z.....{G.c.....p.+.i..6T.. .3.\1........!....$..v...7...H...\dr.....D.bc..m=l.&}..a..j...M.4>....rH..6.f.-...<....V......u1....8.s.E...}.[!..h..U.G%X\.'.vsI.....'..F.qx..;..Ky.7....H...qO...4...4.8'..q..|..a(.a9m@.52#.......0.....O. ........F.c.vN8k.-|=3...w."..Jq......K....U.^.C...QU.:.H.%.....y.p..:.#.E.".(.P...!.%\2..x..h..&..S.....?...'..@.....<..q..^.......@....l=Y.R............$.........L.b..l=...tP.t..Zpd]..XLb[P..A...w....w.M.|j4R.!.3fO.Fn..G...}.G.kj..A....[-..taF..]...Lgc..cwqp...j..-'@.x..3..(....x.H(..)f.-M.zk..G..<..L.qstG..M....O..D.sk..e.LWr}.q...,..q@#*y..6........Vv.../F.0..Td.k..g....^..j..(.<.n..$.2..9..C.D.u.r..H.4,B...F.r...UzLx.F.bZt..e.^....P.fA+Vd...-..6..+o.y...p \..A.}........../+.....XH.AL..0.o@\........8e.n....q....9.>.j......^#..n.}.Q/D..q.........!..].g.)...".?K|.........l}I.z|..:...Z9I..|.<...B.
                                        C:\Users\user\Documents\EWZCVGNOWT.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.869323231920392
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0BB2CEF6BABC280AB2B76ED8BD369554
                                        SHA1:6A82ABC74542C912F9069A00F1EAED968B710DBC
                                        SHA-256:0E45A95BC938CC1B6016E1CC60C825561FF16BB5AA8D94618DFABA75051F192C
                                        SHA-512:A6E12108FA44727765152CA1506A81C0B3D63AEBB8F08302D2D11DD948A40595DBB86C65D04D74410AAB023B187C1B495220C1F909E33032BFE448F105627909
                                        Malicious:false
                                        Preview: {.7O.}!./..H)...H.V..fP...J".;...v8B7U.....>...<.m..c.........l.A..J..d...K....(....4...."{X.w. Y}.....>..B..M4.V|..*.B......9:..bU..|F...OV"......t...8....q.,n.....=.w..c.8..1rw...zs..5.?/.....T....\?.....H....$Q.DjK..2.x.[....].%.<.X...u..l...e7.N...E.A....Y:.A.q&k-f.0.u.......8o..$.Z>.N............e..H...bI...Z..-.b$.D..0....Q.|2..8....xw.w.../.`u#......{.5...FCN.:.....Z..C3..4.j..>2....M.....H=..u6..\mV#<......+.%.....;Cwb!.'..;...&....DXD5.......3..~..P.. .V...B..\G.*...+............$.........E..nS.).A.,..k..A...w..R.~() =..--..)5D*...L...)j...&....&XH.f.V.yh..K^..'#.\.90.[V"..w.>.M.......l>..j{.".}.Mg.B....t.v.oy.~....R.s.4.&b.%@K..r0.:.x..q......c.[.N.5.@Tx*..O...$.kg.`<~z...n..j.+.z...1.._.J..*..K.H..u5.=.Z.n.R.+..N.b...i..I...NSp..t../Y......?t.2...Q...[..R......P.....)..eT........1:..5|I:3.i...X.4R._.\O%..Xb....i4..m.................L.\...B..s....e77.Hb..:J... .x.E..h..Io..U...gz.b.o....%W..p.otS.......+WQ..?8(O......C].
                                        C:\Users\user\Documents\GAOBCVIQIJ.docx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.857834456665925
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2AE05B6C3443B0707A930A614D47950E
                                        SHA1:17C8B5987345E489CE76DD457C6074AAF0CC1D5A
                                        SHA-256:C52841105855BE7A769415886E9222E7020A815555D2A756DE82EC9DF21EFA91
                                        SHA-512:18495381A6CF6236608CEAD08B5EBC8F6AEE2440237B20833810C2D59FBE165F7846BDDAFEDE11FA7B2B57B5BF9DDAEDB34B97657F6FE9BD13462AE26D69D7C7
                                        Malicious:false
                                        Preview: /O.hx...u...?...L..%..\...... `..qc.,......%uO.G....i@.9O.G.r...`r. ..^F.S&n..QW.R...Q$..4seuC..|.q%.ef.v........;..f.T.&.r....X^.....qJ.5M+..S.._..-?.Z...x...a.......Ev..R.f.....D...(&.-.....cG..e.l..E. ...G.d~...G..E.h.D...H..3C`.Z.C.u^.6..'.}...{.m...7.<t..;.......l.......`#Q..L.*?JO.A..c/...\[&.h0.,...q~.T....q..2hq........{iQ.e..A.R..d..dj.m...x?.....q92..U....HD...+..r..V....a...x..A.%...*..}...*$$d.].m..G..<.B..6..6....a]. ....T...O...H|MY......Q.f..Q...*.L..v....l^.....0E.u.G.T.?.............$.........6.H.8q...D.....ep...5H._.D..:#..eDq..d..b...#U .0...4...`_..K...8.....FV.. ..e....v.i_]Y...._.?.Ze.`G..-Y..7.p....].~......<..\L..M.-.{`...t.....3"#&{..).e.dt....'.....].rX4.q.,-o...]ElW..R...g..Z.PAk.q.....r..@..T..f..4\.<..b.M.....Z....Q..s.!G....i.x........}m. .............#w..7.._...L.Q`.z~9#..t......WNI....@.'.:..F....j@......).e...K.R.....\...\s.uz....@...<.....&a...)..K..J......:'c...|........H..g.c.hU.0.<....g..4......W|..Ht.|.!c>.
                                        C:\Users\user\Documents\GAOBCVIQIJ.xlsx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.869488988970064
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4DA2E565067D27ED8A715772E1A1CA67
                                        SHA1:2766E16385B1272A742E929BF0CCD22BA0E31C8E
                                        SHA-256:3CDFDC7F2254DCFDD0A34DE967F08F57CC2C8E2C8BD032B4B1372E10D2D7110F
                                        SHA-512:DD5C661ED8B0B154E23B531171A5AC7B9456009E34E423809E625D9A1B3D365E710A41B8F42D98854016457D02616A015E2DD19FE198DB94654A6BEDAFD92C93
                                        Malicious:false
                                        Preview: 5j....N'/.,.-.;...B......c..n.DDe&.t......s...{..../..<.....x.+..q...q.,...L.(K$G.'r*..PM..\......oM.2\)...R....+..p.......Q.G.!%9.8..Za.[....xKz.e....j.`@..X...2+.;..Bg.T;..KHF.m.$.v......b.J%.]2.='5!.}.....dq..i....#.b.=z.($..P..N3`s....hv.*..#...M;c@.T<.T..~.v.V......q.....?...W.1B.=@Z..,.z......c.\.K.+/.r<h.2Z..w....48#..O.hl.........*b.i.;.....sF.M.5ol.i..Y.+......:l..#.EX(3..~F6...cV^.6Q..Z...".W....Y?.'..(..tV;..R.c.j.+@....[{h@/...$o...w...i.W.....(.p.5.G...I.U.>]y.Tg".SQ..p.w.2S.............$..............P........w.....H...x..H5..Q....c..........".....a../...\Tk.s>j>...<.0..f....].X..f...F.39..^5..M.Vq}.J.pG./.EM.....J..B..>E%u..yQ......_6.F..%.tx.7..=.0I.-ao.=6.....t.e...\[o.~.8....%./-...@.......c.MR.w..r8...F.;s.......HkL....\.F:!.%...4~......g.|....g.J..O....l..@}..Z.Iv'..eR>....+....~..=.../...u.A.e.1..9.@..'..ZYBt.<.y.O.,b.}.q.....zLN..#.#...J..'.M.h._...FW...[..@2A..fz..3.<..7..V.....!....;..5..1..a..J..G.nm..."..A.U.)...
                                        C:\Users\user\Documents\JDDHMPCDUJ.mp3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.886194339635066
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:893B16CCDBC2A0E1C53D3EB62BC3D9B5
                                        SHA1:61CB3E4048A66948E3A8DDE5375BA8AE706F120E
                                        SHA-256:B75A12D3BBAA08A8C29EA9764C0D222CCD556BD7F94E1C989AA21E14B145C285
                                        SHA-512:04A1AC814C73D82D6C21B1BF827AD5BEE612D4CAD79117881E92E415E4AA40EBDFDA1426B5FCD0B37EEEA25A8F5D8C92485B5F9F5432AE44490EBAC4DA90086B
                                        Malicious:false
                                        Preview: ,.~..wsK....z...t.@t.}S\..'o.>C.t.....6....'....J.....s.7H.."..t).6....e&%;3......kZ..........$N..I..X.F.Gw....CL..'l...a..6(!....Wu..5.........?..wC..2.t.I'.so.......O..*.}.....(+.....Q..!..,.g~N.d9.7...u.+......h.U..G.XCW8.....y..-...g.A......C).....a...N.Av...w1R......3...U%..z.6..A.cT.;6d..~.]....f;F.XPF...B.b...?.......y.:.|..M.Y....L.3.I.b.....S..v...h........u(..#..y.c.i.R...42S........Zd....3k`.t0.it..o......l/......o..Z.@..8.\..+.+[.B`&g]gKu..sJ.0g~.......fw.z..`b.............$............0,.-l.3.4.h.).l..o..`.38.HdA+...PRMm..t@..R..\..Q9.Gx.Y.........].gSE...,(X.>.x.t..x.gOY..7...bU......$....y....?f...G.q.u...?<)..I5..'..[e..t.IbM..X..i!.@.Y..!u....l.F..,...!..c..s......Y.Z...q..~...]...3.f?....(...A...|....)J.d...[..Nj.*...[w:T!..U...l.....l..p=.Kj...Fk.D!.....0...)...U.......v.*...._..r.v-3...n...#..z*"..r....3.;-Ai.....v`..:.#<...v.....g......F.....A.KH5 .h..D....|J!)....j..>....8......cJy8oY.......zHMq`.?.^......?
                                        C:\Users\user\Documents\PALRGUCVEH.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.868965521380747
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:EF55D5336FC87CF893225A29EFD82B8E
                                        SHA1:388700E2899D94F8BF82E1A77465DB07FD9B6F54
                                        SHA-256:32F8B2BC58C6F60CCD7C2A4902C32C4778B613D4617EB45EA0403D5E8B69B62C
                                        SHA-512:8CF02955CB5171DF3934B58EF7EC83B38D1B25449D3AC2CCE5C84BE6E0FBA6367099C461BD22157A90721EF1703FA944BBB6B4EF12013B978582DF77DBBE0FFE
                                        Malicious:false
                                        Preview: .\.t...O.^<N.7....k...zI..qr<X=X..].*2...~ZZ.#..Dy._U.}..4...y..}..KcB.`.V...l..x>C.H{0.kp.....CR.4^P.b..@..'+.j.Ok.I..\.I.#n.1.......TjO.y....7..6+...,.....P.Tg.@.j.<DI/....v....j\..+o..|....u..m..5D..j..#.Ct ...>>.t..^@......EHY........H.......<.k{N...Y....X*.#.../.|.cZU.uX..t..F....#...4%..t..G.Z...Vv.'.ZY.S.......`..C+.$.^..B..l....=..go.p7....T.T@JyC..{.........4..9.)..?p(.."....SR...G.Q..........J.znc.E..ew.\..B.Qf.-.......u./9T..9........|...f...S.q.(...L,..`.;2..............$...........>...-..Pfo...n,Z..)A3].u..f0..S.eXq......m.3.8r..6B.o...dR..b...."y.Z....s-....L......Y..; T.*Wp.O|..A#.nHJt~`....2$.$j.947;9+>.v}z7.|4....7.........1T.u.\..\.{VfS....8.IJ.82...0.l]i.&.Hb....@d$.r.OQ....4...V..W=..)..uH.Tdcw+.x.C...W.,pCh....lBR...x.X..F....^(|..N(...nc...[.[..#.....dMd.........K.O..)#HY.......&...UI...8]k..*......d......+...h...L...Q..~[b......'.n...(?o.)..E..+l.P...'.{V.z...b......I.#>..!E...]....W.:./k....."}+..!.Y
                                        C:\Users\user\Documents\PWCCAWLGRE.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.8687695727191285
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D343B3AACB8731371C81D0830F256787
                                        SHA1:8FB5E7BE8C821B295AB92F1ED6C5A67F7046E916
                                        SHA-256:C3F673CB9D68C9FEDEF708C8B523842B3A2CFECBE807ADF17DEFC2F44BE121F6
                                        SHA-512:BAFB10BA8541BCF3B396B120B6AA515F5333EEF788B5ABE8C2AFA2E297F07F5B8BCE04CFC24038EDC7EE5B2AA3B7F76ADADC0CE80E5FFA316D4CEE56DBF6C57F
                                        Malicious:false
                                        Preview: /K..~.y'....%..G ...vSX)\.U..AC.jk..1/..r.;..+......Z|lMq.|.....P......k...........s..c...S.....n.G.8.....u......."..w.6.\].. .uxL.m....eB\dt..4....G....r..D6.Q..~.4R...~.}.dB8..=+?2N...i...^....h....4m.....0.#....^.....iH.N .U...=..G...m...7:^....)...W'.bG..p...~...........R.]x!........M...:.t;.._."V..|."..(%...".;Cg.C..'}.....#y...FG...nFr..E%..2.y..............[.....A.s.......a..3.."...#...$.-...).....9d.....H....(.a.66)...B.o..0.F.....I.+..n.o0.T.H...fsq.<.S.!a.%U~..1-e..8i............$.........E86...{.h.......}..V..k.P.Bq..1Rw'.x/e...5...NH.w...;.- z.!3.w.Fl.r.6..m..vD.W'.......o*9...O1.=...9...>L.gU4cF........x...0i..OKQG,.fr..Wc........`..F..xh?0b1w.....3..9.n.H..\.?.h).....sq_...."...3Qp.'.O..pgY.4...._....Mt....A.p;....Z.h.tLb.._.&N...+..........R..FZhER|L.)..-.L..g.....d...,.....YU.%.*.ak.r....'#Ro2..f$i...].7....f#.c..R8P.]X..<z....q.....o;o..2:...BG.^.J...AkVAOYi..i{........0/."AY.XN...S..v......u{..0.e.-.X.3v.z..X..
                                        C:\Users\user\Documents\QCFWYSKMHA.docx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.86258658338354
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8BE0F989D877C560432B05D9D2FD8FFB
                                        SHA1:9519FB48EAD8BBF7BA41ADDA7EA052DB8E5ABDA4
                                        SHA-256:AFED780826B9DF81B6FD766BD814703C08E6484DFBC1A5C6D35744C43226D8FE
                                        SHA-512:B7EBCC018EEB567830F973914DC6DC1D379F081A9E8948C263570BA886D927060786000480DA9430B8A00C3E17D3F63E7F1675663A76986324024DADB685CF16
                                        Malicious:false
                                        Preview: ...Vu.<..QI|N.2{B........!........VF.1J.4b.#.S~.oz7...wI...r.3T.N$.c..xH8l.d...-a..Z....V..ye........W*.i..e}....=...#T..D.|..6......!...\HZ.k..*.r|<...!...f...?2$(....F .MY..y......2)...;.|...n.1WR8..D*.T."|0.......j.K.......$.&.|]Y2F1...j. ...g....dj.J.4.J..(...L.D._.....y.4......{#...b...j...t.}.R.h}.....pa.E...2`A.].(......JC..G.~. .......H...%..w.s....F..|.zV.6.....o.U...+.U.:...c.+.._...}..XwWAqZ".654.......7..=..f....A....u.3v..Y..*..?.....M...GKB...l.~. yTZ'.t...m..`................$.............E..8...5.-..`.v.........=.....{.=fG..~Z....@..w=.T..6.....c..G.......x.K.T.xDE.~....F.@|......M.&5.gHn...+Or..u..][.J...Q...*............G}..d"6..P]....F...f}'y....6S~B..(].t.zJ..:..]...*.9..eGa.).bE.IU..Ot.9.....r..c|}0.v[(pR...%G....T.+.s..E..|!f..pCz...c.J.H.Y<..6....ot....V%..cck...$.rVL.@...|wb......8.D,..x.=C.... v..gY.:Da..Z...4..-.!.R.H3E8`..4.#.1<u1.......U..F..>..Z*.-Q.*...D.4f..nI*..../.G..g.$..........+k.....?.7R...I..d;.Si\
                                        C:\Users\user\Documents\QCFWYSKMHA.jpg
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.848406917370745
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A47087373B257E1DD6AB3655CC9D8C47
                                        SHA1:0AE810D4522EDD8C1F03019ED0DD556AFD6E9A73
                                        SHA-256:896E4A048B95E001D79A8692FBF2B1AD81D3089DC5B3D35DEEA8F8CFD5B3353C
                                        SHA-512:F714B690036917C46C0AF4C53838F52A476C207544D182DEAC383DAC49D408F8BFBCB03C4D3DBC23E1D6992E2645EA4FCD5A57C855AEE1EC9CE0FE116AD5790E
                                        Malicious:false
                                        Preview: ..6.an<.......j;.....K?.vgh...I...~.X..$l.5.9[./.8...a..(.6.8...bo.[.9....c..u.<.`zJ8U..2X.'...C.V,0. .0.v.6....P....;b.:.$.#.}....v'.ke.......J.5g~.s.>....g....:$..O.5yA...l'.{....I!.w..EE..NZ[Er.}..k0......@....`!.....!..m.....v...{..z..L_.....#/G../<.ln..X..{I........~..)Na.E.U1.[.......9........D..%....j........M....s..jWh..7...PP4_&..&b0X..N....A..{S8x......KZ9R...|`.i..e.P.[........9@u... (...V.U...e.J.%..qF.+..._m.x.}."M.,|V..."...{...z.0..Z1.S.|0.]..b...D..E..y\...J...............$............N..Od......:..Cc...3.`q...\P.;.........Y^.#.-...cJ......Y.0.i.....@/.d._:.sl..@.^&6..2....j.G...x..d.._Y/..:.>5.....r.o.0..yN.r5.g...b.,G.vD..wE... $.$O.r*Hq.......<?S.h...|S;.S.>,..j.m.mUvj...k.*.u.`b..u.........j{.0........>.2>..W....i..F..&.G..E.Nlr{/.R.7<r.m..}{@...Bx.........n.<...)..9g.X.K..z..W....5...0..7..K/s7..Q....f.,.n...9.....8.......$.;....|y....5...J.[v..b.....CE[3.c.K7...[I..*r.H.`-`.. o.R..cso..M.lV........o.F} &,.0.6.pl0
                                        C:\Users\user\Documents\QCFWYSKMHA.xlsx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.876560334609939
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2A58EA60770D36CC6767BA08C3E9E0E8
                                        SHA1:D9EB8DF115794909DF162CC3D454CFAFF74D1478
                                        SHA-256:766C6B6C8FB2F6A0C6B79D6F5B9C0A362CBDE15CEEE6E822172260B82E296332
                                        SHA-512:A27B1F9B4F7F56CC9EF31B112E7B6C917E1E60DA73B26E7C51E0A1896932BBA88F7ABDE8F2FB168DCF8E60D6E501DAF098BB911D5EDCBFE4F4CAFCEA168D2D41
                                        Malicious:false
                                        Preview: .*.{.a.p.t.\WO.1..Y...`....N2.h4.3c. ...1=...5..m...(9..=.`..)...f...=<........}....LI9d.....I..K.wV.....>.n8(.G..s.7..U*e:..8[..o..<.m8..S?6Ai.....r..}..el.3..,..7;.@..n.Z. .9Ri.{.8t6../.Oa..~..3NG..H*....c....b..H1.r..k.......X.uC ...._...%fZ....N...P9]....5....K.q..Y..d...<[.p...\o.......I..M.$T...../N...'.["........P..--..[e k.5..+..&.O.s..Y.+R..i...E!D..f..K..t.Y....I.......4..B.%4;w.74U8...IA;m..A`U..}..y.:P.....zo.T..._.{n..@%...6...c...uMoD......Br...r|.a..B9Wy..................$.........^J..@TK..]:.....wozI.w...mA.E.4l_&Ei...,`.0...#....S...?I...W...2.~.f.I....e..~4.Y.]]..B......0bm.q..wM...;o..:.........=....S..B...+..R.&.c..V..nF...?.1.....(.g.F.r?.......U..{RPu...J .K.g.....F......R.3.n.}....U....G.......V.:..u..!..'...A.g..?./.g.|....h.._....9X.q..&.Z...-...V7.2i.a+(.g'...g.\....(Jr?.=.E/.L..~c.C5...X.=5....Y.....op......8G........o..F>..y.C..1Lwr..7e.u...G^+..hD.v"..J;.._.....}.$."....5.bm..<..z&...:.......
                                        C:\Users\user\Documents\QNCYCDFIJJ.docx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.85829957955554
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:93EA4C3D57398CDF49EDD77C6301A70F
                                        SHA1:C5685ACB00913E18FF77DCEC0E1F1A0CB7C63357
                                        SHA-256:D4D9EC240BFDC7F6571EC87D166433E615EA99EBEB017E28B358EE2355EEBE9B
                                        SHA-512:B260B8EA7331F93CCF87EC7A68223160C0425359280415B7426D1C7225A10E6D7B5F082AA7984E2B956F368030342066782F1F4BFE6F85F106DB860CF96BAEE3
                                        Malicious:false
                                        Preview: .A..?...l.....l.E.....7...y....f...s..<.K..H._...cu.....b;....^2y..g...I...i.T..=.7=3...2.,.......#.......M..40w.......}.....E.;0.)..$*t-iy"2...L......9.....Y..w.Xf...E.\..L.........{hv..w.5.7.Uc.....m..9X/.".......Ah:..Q...4l.=B.(z..5f.N.lR.:.4b....W.9......mo...1..H<..V=.ux....j:!.......<..~...o.r2j.Q..D...........(.\DY...vG.....A..._Ky2.T. ....'i{...%....$......x.:{...7.b...Z....q&.d....^...EQt..C....n....TG.f....A....[.......pX.%...Uv...c...f...J.S.v..M..:......w'Z..s..0..0.K............$............d.0$4.^.".Z.\T..J.F...;0z.E.......hP...<...>......A.^zOX.)jA....g..0........V..$g.....[.!.|..P.#..I.X.......S$k.f....&.......IY.4...........Wc.....f&x#..u.)V&.T.........d.I.Fh.....+o.1..N.)..b.[...R........5....E:.6..S...g..E.W...)[.`E.^..!.4.$...nZk....._O......7O.....z.7..6...f.J... t...v.k....z.m9..@W6.}u.5.Fbh.....Wk.H8XC.,.Q..IH.t....T..I.<./.(..#}.=.W.D.......x.X..E...K.]xx..Qm...a>]P.^R.......oQ...k....0...<^z..|.}'.mf.4r[.3..djSSF#i..
                                        C:\Users\user\Documents\QNCYCDFIJJ.pdf
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.870550371795619
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:597A26D6CC86B1E76C962BB074CC41CA
                                        SHA1:AA98C6795732541287509868127FA8C6F7F01C5B
                                        SHA-256:569C7C92A66A89B29B8401F4ED48D739AC81A1DE396BB7F5C06980CE295182F8
                                        SHA-512:57015F837AA4F92249FFF4F59902FFBF0A6877BBA5D4D8780B180C3BD85B4483ABD535E2600E5CED657F88DAF522C85077818964BA3D280471F121C9C30652E4
                                        Malicious:false
                                        Preview: .|@.....ff....D..H....z.u. Md..5..._....;..e.N6gX(.......F.......zH._...O1..1.._0xt....2.JQ..)..;'..G.1.1.d*..f...D.n..r./H">..K.,...$APS.H.].|.1........sw....!L[XL`'.o..Bhi.U<.\..q.`K.x.....i6.{.L-]..(.._h......l.b.?.CmU...B.s.&pOy.......f...C=..o.....H2..Zj1....._.....z,[.RMv=w.T.._74nZ...2".5_tt..\.......=(.....<V...I."..r..gj.^sv.o)Qs]..;m0..U.U.|.W...)..,....m..,C;L_......p......w......{...&..8...4...g...u..Tj7....S.!cC..q..]b...(.oQ..F..........J2.I_0..>......y.......6..^.s............$.........6Z..]E.vfE......GQ.."./u......J...".V.z|..:*FyG<aZ+..go"w..Y.......>.....I.H.C...1j..U?(........}...U...F..)a..#>~...o.y..Ib..P27x...1...A.En)..(]...r,.o.[....g<..e.m.r(.u@4..V...f.Q.]...Y...c.o'. .<...h.:.. ...|.{......uLp2..3..[X....j.#n... .....h...A...&..t.......S.y...>.E.....9....X=.%.}r..2i?0.Hk..q........Tc...rh.<.h./...".......p..{.P..c.dTc3avS:8..d..B.7..j..}'.q2^...x.n.S=...[....l.J..D>.^..6.x.A.T.xo@.Pyk.t..O.@.@.V.&o8....$..I.w...
                                        C:\Users\user\Documents\SQSJKEBWDT.pdf
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.858830060301835
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C2FE4B380D4B2C46230CB91A86B53BA5
                                        SHA1:45A455398021BE26B85F6079E84D4FC8FDD40BEC
                                        SHA-256:81EC571862397C6CB47F6F204B47EBE31F28132F557CF2E9EE0A27F1082EA86C
                                        SHA-512:CF0D511C41A2F221D4E3C60A952137C52DE5B10414D0958FDC86440F0CF8CB6AE1928D8E131F97532C63129B98949F29A301E184A62ECEFCCA28D75B7CD5A6EC
                                        Malicious:false
                                        Preview: .F.f*..*z[J.i.....,...[.N..)..........u.....}....zko.:.\......4.1M...Y.......+..-....<.R.z...h...W8..ws.5-...qNDAF-...j.C0?....%..P.f...h.U5~.Va.O<.}O...a.N.[}.g.....g...........{...~...............2p...$..t.?.f...>.....0l '....!..%*..NKl..U..&au.|ru...S.....R.$y.?....K...2P...b....A......&S...GX..87o+../3y..L...b.... E...,..6.Ps/..........@.P*...Sc....Z].A%.O./:.%.)...vxb.p..?a.......0H..c,#}Z-.2.|..2P...Uoy..l....P86...b....."@v(E=,<+5...g.....O..M.....kQ1..3~..J.ZGY't.DP....#+G............$...........v^.F....<.S.p....caO.M...(.E6.O..i-...+R..E..ti...b.Q...BP..SIq...P..hD.q.|...o..N.q:...&2Z..L...+.\qE.G...n....c.B....3|4.E.i<....BC.Z.Z.v.e.( --.4.q..R.....f.....r....R..Nb..O-...........e.t.._O..e.fU9..%.."...^...~U..n...0...)....Q.P..PL...Dr.<.Z.|...I.|}...".&R...sJ.../....p.).p....M..-.R`.L..7W5@.k..J.|w`.i...l.a...q.TG....'J.3....vQ.p;.f.-y.H/..m.......3g-.3O....@...]_..F0..;YOqc#K.......;d..qC.!q.xF..........=l....W.=h...%.Z..`.
                                        C:\Users\user\Documents\SUAVTZKNFL.mp3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.8847903350296935
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4023C43E09025D40607A496782B3992A
                                        SHA1:DEBEA3710AB3431B176732F62B16AF1F8F4E0805
                                        SHA-256:611D73BEBB7CB49E22B081EC04C32C6AFB3B6CB54E07B0CD96582BF64877370C
                                        SHA-512:6ECDD352167909E959F765E3E55EC0EE7FB831F35A7D7F75515BDDFA01B06480F18DE6444D74E6CCBE21C6E6CC7610CFBBDBA1AD26806BA221B01C051C185616
                                        Malicious:false
                                        Preview: ...6Vf.(.......Xcl.......E.N.....9.22.1.........%%.!.HK..M<"...R.H..t}...=.}G.S..9..G....D.J=yx......a..D....s...m.B..^...Q.U.6P.}....BV.....i3.H..>.....1..N.....Pca\.?...w.....:.E.N1H>.jK\...C..&......@......-...J$.j...'......bIz..6.....;o.......b~.`.c...e.~....6....\%)..H..I.s..Z.@..Mk.5.?}.<...a..$K....RkV../n.....=......*;.!.aU..d[I....e=.[w.)h...O.xv....=iA+!.....b.).R.7B..>.S..L.h.z..D.W.@..yt....ZP...0..2j..L....D..F....N......&..=.>..f./......=....N......a.......;....&/................$.........TJ....Z<<x.k[.AN.A.U...X........O.8.F.=...vo....u...(.,4../...BC.k....EJf\..0.h...o.....\.Nf.....O..y"j.V*~....q....!.....d....../.8.Y.U.Sa..g-.r=n.i....Jb....n..5OR.p......%...... q...64P..0....:n..(...V.2.........=).L......;y.g.$.A.`..+..7.1..w...4......o..6.U.fx~..S.h..3..s....Gc.P.v.....|3....#$X.X{..M........_79'.xS3...O..{!`....k.c0.p.p>....v....].U7.+.x<.d.f.9z.....1*..%....T|l|F...t....V...R,!|L\):n..fo.f.].k'{.R.F..'5....a.....Me..
                                        C:\Users\user\Documents\SUAVTZKNFL.pdf
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.869110439493091
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A021B9D3576831FB57123AF5C3F6C91A
                                        SHA1:08C5FF9C4C9DEB0D969D2EC6683FC9A00A64E0FF
                                        SHA-256:7B35A1D0DF32525E525863D24E83922256836225E4D2B0B4C78A27EF5E7EC244
                                        SHA-512:145AA1AE6B0BFAAC02339E72EBAE2B57ABF651406A7616AA171FAAE0BC2CB2AAF2F794204BB2418837DFC279A82DB5644E12A57E3171ECBDED3D8E6F36F1208C
                                        Malicious:false
                                        Preview: i..\.....i%7L.%j@..L6N...D|...3.q%,.5%-.w8=<.AC......"..r'.J/f-.l..Kh....@F".Q0.[..-. ^A]`l].hn.v..Yo..lt..4..T..j.....;..b..$..S..@a]..(Y...;3m\.J.?.....4.q{.82q;.P.@7..%.._{...g.:w.......gp....&.>-.....R6..F..N...5.t.U....)..2j.lPw...,...y.. -..^..r79+f....`.G.....\.'..U....+-tB.).....s.O...Y...$...:......|.?.....UPMYI.U2.+....Ek.|Sp)Z.|...Pq..~s.T.C.).j./k..5..(..GO.lK..&....!.#.@.D..Ru..2.|.g...i....y.B.k.|..9MX.\.pD.....`]Jr.. ,......I0.U.;6..U..p.......e.y<5.r.....9.Q..1..................$.........*.GTH_n*.HPU?.<.{.n&...{..H3.O..i.....%...o.H9.Q..Y.<...+b. ....O....;.L.I.....)$..o.y....z.sF..o..y.P.z...s........U..`....B......F).8.m..5.[..S.J*W....1...n.P_........P......s.8.5.>:}..Vy..0Bf.O..W.y.Nr..y_....:..Y4.G.or\X._.a(....G,.Y.Y..Z.....)....j\....q)|X....8o..E.....Rb..#....\G_....22.|..|:.g.........r".A'.$....7.5[..2...0....2.}.....].6.JH..C.Y2......$w....ZYzB....#g..c.KcLJG.L....S..j2.C.O....gEn$#...!... P....5....s!.. .#..~.K.sc
                                        C:\Users\user\Documents\SUAVTZKNFL.xlsx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.855495070937191
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D9EB9C65ABEB2B2AABDA3033E77076B8
                                        SHA1:591E1725E0D122AB07B08FE2C0B4ED53B490DCE9
                                        SHA-256:83F52CC35DA296B48F35FACFA9ECD3BD19995C4DCD83B6D92DAE2FEC9724A66A
                                        SHA-512:F0198E93952820FBE7FCFE45DCBD52D97575EC6C72D08984358A77CFB93BE97EE00B6F0DE62F989DF7DC72C891010A20527103EF1E0956CC3A97CF88B7358E8F
                                        Malicious:false
                                        Preview: 7Z...P....E....d.u....*..zE. ..C3.Z...v..j. NJ.Q<i..(..~.$..b.....i....F....Uu.|...H.....=%....8.T..3..+H]@.W.X....Ue.*.%"X...Lb..i...3fu....4.....LW.n8U.H....9e.H{..|5..+..\."..j.I......yf..1pD.`R6'F.......J._^.....L..*.9.x.......[.p......KC...)....^.rS..L...hLt...........\>]..w..I;..R.mi*"..}....t.V...b...]Bi.....s..AWP..._j.yMf.m4....X..../C...>.p.B:...#...]%.;...U.%~u`}.......%...dK...S,b.$...&].e.F..g...BJ.9......W...q.C..I..Q3..L.UT.b....1.H...yC.I._yNa.Rr.x...{....Oxa....V............$............dP..~..i....gw.N..~0)...9.2O..3g..?e....B)]..,>Cx.U.......zy.-..<.N..scPy...,..&K.g&Wr.........k....e>k.Q..R..G............k..'...@rVyt..C.......%=b5nC<.X.4k...(....5..k..U......W.....N..U....4...L.Nkm#.c..T.Eo.#..?.f..zx...e.d9.Xkr8..O.i.......K.=..6<.j>....|....n..!!....L(^N.x......^...>=_.....[..a..#..W.......N.[.x..2T....y.Aw.$.../...J.V.Qh.......[.'..I[+..r.k.^...T.Vbp$...+..8]....E"..=!k....3.....1.m/C...Tj.......h..?.}=&.~'^C...
                                        C:\Users\user\Documents\ZGGKNSUKOP.mp3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.877912510366128
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:DEC152C7909C811A2638F4712EBFFD10
                                        SHA1:557CCF00C9D0FF02282F84522C0B39F951E66C7B
                                        SHA-256:0838B2F9CB2ED20E1B4976CA9B0C79BBEB7A50286C3BD3B173A85043354A48BC
                                        SHA-512:F102456C37FB92A3E423EFEE808582CE6AFB350D818D5A1FE7ED9F355AF70308259A8D036AD27A6BCE7EB1AE8672312E59EA3417B8C2D34CF4DE77F45A785CC6
                                        Malicious:false
                                        Preview: .l|*z.vP.KY.]...P...?...6........].aX....t..+....R..../...(..a.d.e..(...b..X......K|1.'.+..u......|>I.@..+..c..m.M.D03.Y.S.... .yQ....`......)f..a.].T ...l...E.1.....!..K.'B{S.C.F.r.......u....Q.Q...z......I...&.>.#E.}......U..1.*-%.2....[.U..X.-.g..$.x...w.]c..i U..nj.@gcJ....vY...>.?.....5..2_. .V.$..u.9.S.../...2.:.............`.Y.7DC.!.eTO.*...)s....-s..GJ......-..w$..I.....5-.p.......G.j..H.N..D..1uF.O..0..G.Y..X.. x..J....#V...:...x..-.. ....W(&...*b.x/....w,..^....J/1...}).>O................$..........]...&.^..{..\fv..%g..q.$....U..+.......!...+/v...=....X|.......}....fEMz.+.h....7.O.or.X.m....!.l.Z...l|...?.k.z....xkx.J.T2..&.V2....5^.|..9..%_.t(..p..xY.I..._g..~..........z...Z...q.7s..L...7...{.....L:d[F.}`yl.3.M....-u....<c..l/*Qo.....g...,....."z.$..c.rt....3....w...+...&..qI........bR..E6.<-...m....'....d.{6".p..>..&.nN......../*.D.=...$.U..evf..@g1bG.w`4.....'..B.>...d.'..r...#U.wh&.S..;.B.......T.q./......7.H..Xf=.5.dKqV.4..<.2
                                        C:\Users\user\Documents\ZQIXMVQGAH.docx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.885742311931661
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2FF45A0383B25AE3AC23D451C473277A
                                        SHA1:29254A3391B2B666C106826479432E453490B990
                                        SHA-256:450C18D1CD2F19B0B21034147E15C5BA3CAEF350A695AACC34756BBA1A42AD31
                                        SHA-512:358D5A28371F668AD29F5618D50D40C8A250AC45C2F0D93EE0B1FB633749D11FDD5BA431A248D9C647DC8FEBF4B36040D532B54CCC96BD9ECBB3D4F6FA71836C
                                        Malicious:false
                                        Preview: ..egp.%3=...@.=.2.......s..........].N/$~..#.:.......5..{..E.G../H.'|.V....Iq...lD.....R......".Sy.._.<.@;....W.\rX.....[$..m...+... .w..f...^}..].H..../...s\...'-g;h>..NO.Q....I.]tJ~.O0/.....I...V.......T/=.V..>Pi......7.q.Q..4a..y...MAQ.~..)....[.j.....lk.C.>......W.b9..H.7e....z...f.x.....A`...z.....*....Np..pKkG....s...f|3zg..r ..@..zP$J.0...E.Y,]...W.9b@q.~......b5.Q...[..Ks.R:?[.....Y.........(.". .<R1-^..V.TO..4...DFd.*....D..w..|v..v.......^..46.....`..ICP.=...u..5)..b.R............$......... u..Y.....N....T..7./......}5i._........5.]rG.......V.H..@L....o.0u.!..Z.~.|E....d1.....?1v..._"nI. u./Cz.........t..J....`MmO.|...B.z.;.q...`#....(..8..S...}..n.%.3...d.....n...1X$=....5.(&..qP.....&..X....Pq.o-2.... U.<.....Ge3..&.MI..z..l.0...|.A...d...Ql.....e..<......2>#.f..J......jo.`....\.e..........X...?......6.uK|.F0..w/._..BT.q+Z....L...\.W..PJ....'.iQ...d.<.`...c6.......n....'..s.56..8..~do....*.Z*..j..8]..QK.> ;.&.mC...
                                        C:\Users\user\Documents\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):936
                                        Entropy (8bit):7.790692546749385
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:15F910D76C21F827008A34964AB14D61
                                        SHA1:F3CCFDA206BE393F6A26D1B78A62C7D8339A0533
                                        SHA-256:6E0DB1390CD8DB7F1FC9D49F1321A196E9AD7D207602001243FB98E7118053CC
                                        SHA-512:4420581D709FDB4AE19D5892962C03EF30B2892FB11690BC8EF6DE2D87599879285D2036CABF83510321057CE021CCAD84B89E38E84C564CA7E0FF9AC35DB9E8
                                        Malicious:false
                                        Preview: ..o..r..j.?...([vM.A.B.#.p.[j..H!Ntj..:.LU..+.Em|!f..T6......|w...{..bq.g.K......=TS..Z..f.x50wgI...W.....9.^..I.....iJ&..#....fa...j .Q...s..r.^.s.x.`g..CQ_\r....x..(.......\.P..c.F.q>$Cd..P.....V...a.....QZ+......=... .).v.Xt.aHe).}.d......R..../|..e\.t9.2..R~......._..+...[.).........Y..Y..)......@~.*.K..}....../...[.F.=.o.."D#......c...!i.G....g. .cb./2.c.<....6....d.H.<.1...A.&.{3...3.!?g..y.l...4R...._..Og.....s.....8.lG.g....R.b.P..)....... ...P{..HK;.[y.......F.i.S.o.............$..........B..p.go..B..N.oI....._.1A...]....7.....e..=.!..>.....C.r...'.'.......'.@.+..T3ds..8u.<}.W)..vU:..Y..%h#5.j62..-....*...$0.L.f.S.Y(....N..........ua..hmN......|.n7...5.a.M.'.].,.O.2.V.....'.Xz.=.u......."|...i.e...3......-.....m...:. h.k.-\..j.].........[.[E...x..`i..Z...~.G.f.X.5TuI.jM`....=.........X....N..HfK.a...vo....o..Y.R.^.N.(*.SPI5..+}4k.s.% ..;.}...h...i...m.gj..?f^UOB'..
                                        C:\Users\user\Documents\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\Downloads\BNAGMGSPLO.jpg
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.874531472034696
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7CA784BEA721E595A285844D1257FC6D
                                        SHA1:8ED33AD6771539D5670DF935DFCDF15E4BA49FE1
                                        SHA-256:1DE85B0E3B7F0912F69148BC041F1B298A0059FF3E68D09601C3361140036E6E
                                        SHA-512:51B3813BB15D98C5E935C1B68CFEBFE64C4E94C929525AD3306251E80C719800C1F88834C26CDD4C717BBAEB7F8194B1BA5446A240787F3FED7A67FB45C687F3
                                        Malicious:false
                                        Preview: .AW.9BX(L.T..ifhBR[.....E.C.8]..bG@.oY.$...dQ.?.)_...Pr..$..2D...V^.S.w..6R.m...h,....n_t.!..;...y.m#.......r..rGy.....My.O.^..y3D&.......fC.V."....G<Z.h.ni.3..N.w(.w.FL...x...b.$..l...y1.....]d..C._..RY..KCG..Y.i.....n._......7..>` ...eKs K=I..&<H..8....[ax0.....0IRx.. ...;...o....>\~X^......0....._.p...........BQ...6n..0E..;K...6...K..{...a]J...;I.2.P.ZJO..~'...U`(..3.....E.T2.....7.L.9...c.+..R.R.Dk...+...!.!..wW.iy....3.LqCA....3../..{GQ/F..........e....X..u...?h...s.B[.;..Tccz+............$..........+......L..A.mS%.....%...!.w.h./H-..o.${.xnq.v]...I...^.r...."s;.&:......]X......'..t.Jy.z.....+.`Ys]..:......!.LzI....?..G..}0...........pN-..6nW.2J......"n.A.Am........3*#...Z..e....r....@*..{...=.F...,.."..H.lue.O.Mj;p?R.h..,pVc..@..4.,."s..Rd..5....o.E....Fc z{Xa1...jC.>.3ul...w.$"3{P.(..A...Qq..2D...P..W.^f....I....W....@....).e.#!.......4a..g#..........a@x..U..g...DI......gK,K.....;..2..d.9Gz..06..u....@.3..n...Q.MP`G.32.Q....
                                        C:\Users\user\Downloads\BNAGMGSPLO.xlsx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.864731549579906
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1A33B04974BE4FDF95ECE9DC96EEF528
                                        SHA1:2A55FBF6B7DA71A8D32136789F41CC3C7DD330E6
                                        SHA-256:1A39F51D168A4F0BB4E806E7786B97CA1825E097877229B763832C82D90DE092
                                        SHA-512:C6DE058D3514F0E241F6A06CBF5EC04CADE2D98EE8C9B0E7158286F3558A8D6CAD0B9ADBE01DBEEDF89ABFEF70AB5517FE6FBD4F053D5E9476ADE665542E0C99
                                        Malicious:false
                                        Preview: ..*....q.a9....n...J.Zps.V/...[...`.$.Xz.g...<7..c&.*....c...$...d.xL.........+..`8.J......h...zU..$..p1.F;'6.b.D,....Ln.n.+.^*p.A.%.J' .Tj.}.h......m.+..^....3...%1.3...!v.627.....:0...a..i.%zq.L."..rS.).}[..RgjV.C/m.4/:Q.2W..A.d..I.L,......{go"h.....8......v..x....8...v..%.....D~VoI..._t<..=...j|...R..Bz85d./8...b.. .md.....ErA6.j.>.....+...=V....b...A../../.8.k.........?.T;&..Y-...=f....Z=......([....}Q.g.i..O.F..eqS..#. T...4...j.{:D....g...g........i.~I.O..M..K<..E...1..Y....uL.9.}............$.........3.O.h...._.T~t..0.....YTlp....8..*sa.E..s. ..4Bg.........J.6,...I.z..d.ps..y.E3...'...*_3.6o...Q.....eZ?c..k.)...e...ok._....!q..l{..9...<...#W.s.r..d...w..h^R..N..-...+..O....[\_..|..........F....P^...Cy.(jz.tob..m\....>.>...JM.......?.N..~E2.Y.`.BV9.....Gi.FN.c.%V.m.h.A.R..p .E......`$..B....7Kf.$3....GLw.=Q\S.[7.p=.c./.O.c.!.4/..c.X.>.@..@..)..'..r&.'DT\.N...)d.3.6..G..EB.MB..L.>* .(....C.X....}.~.6..`.C_.8.Z$...d..$.>..y..r...a..j$X.a....'A.
                                        C:\Users\user\Downloads\DUUDTUBZFW.jpg
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.864673113830319
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D3BD25765B8BE8B2637612B074B368CB
                                        SHA1:ED2FF8148BFC5566EB0CED9E84BD39228D04ECC4
                                        SHA-256:D91183AADE72E2D50EBC66A6709CB0FB8A3269010C37FE39F58988BB83F017DC
                                        SHA-512:B9CD69A31F771683AA65C2816ED20CDE32284CFB940D38FE18090AC4F779DC8EF381AEC58C780B28E6540A2763CEBF53CFB041B1A7E0C1D52F6057656D4316C4
                                        Malicious:false
                                        Preview: l.........VC..z.NS>..@._.<.TXf.c3_...=mt...{}...{..Y=..n...>..m.2+...S..W.(.!p.Y.#xX.y|.ye.l... .8.+.@..u...Z.....z5s.1..`....?.DS.G.S..$....{..(W-`.....-.....o..2.AG....t.Q^.......zQ*.....C`...0k9:A.9..j...i"....0s&..|.+...HC.s..:........*Q.[...y.....e....2....d:..l.-..'.#N!..Y.Rc .n.<cU.B.,*....t..>@~^..C.{.....(.R.Eb[(.......g.W..Z%.dj$..z........##..`Z.|.hL.......b...3..b......Z.M..[!R....Nc..%...hXg].....8.-..z..,O-:........|.{{...qk....D.C.hz0....8f...c.!;.Zy3..8.Y.a,.A...._K..............$.........b...psjZ......<......\.Y~}C......u.-....L'e.../<q4.P...tE.P.C...v,S^...v.....[...b...;...u..O..y*.AZ..n.....Z.;.b..8.......,.....Y.r.....C#M..o.T.!.y.C.0'..g.iB...w u...#>..b.xi..H..v$.|zN.`Z\I.....mgN...B4..U?....u..~.v...34a....g|....b.e(xM........IA...........gN..l.....b;..&.....8..a.<<.7J..]6...S>h.fc.#E..,...q......]i"~Oa_..{....I.G..1.|+Y..f.......QS....O...$Fc.s.$......x...5...pm..\.8.......pZ5...J.,..Wd..s.....`..\l....7...h:.....d_|
                                        C:\Users\user\Downloads\EEGWXUHVUG.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.859816564307618
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8C04F9CAD2810DC550A7B7FC6A519977
                                        SHA1:4747ED59D9FC913F2D8BA50621E15DCD44DC7B8E
                                        SHA-256:0A498DD8C63860AE8E2FF02688B371636BCC0229CA27AAF64C84CFD4F4DC9669
                                        SHA-512:98B5DF3A38548C5BB71B617CC6442C084A64DAE9F05B35600AA0D52ABB09458733530CE6DF576081796C7B921410BCD2408A81DC070016F6E047C5E8E30E5576
                                        Malicious:false
                                        Preview: .|...,..Q....m\.9..K.1..c3.A..GKE.a..7fi..?e...z......G'1.y...HizpY.[.[..=..o.pF..L...../. .R.+z*.\...o5{...P.ts.E.N\q...1..O..y.S.I....J$'RnI.d.\..$f..._O.Y...;dVX.).....5.....c.^.j.D.R...:..Cd.X...!...<..^...Z......E.].6.u..p-..(..jaY.O...Y.....#.S,v...x..?(0...z\?..~..1b..?.w.U..G...C..w..........gP..zED....e..UO.Q.Z..E.E%........H...<N[QQw-.3..E.(.U2..D:.`.s9.....>q^?...j.=[.(..(...+.....p.KeY..V.x.w:V.$t..;k....v...43l.>.FH\C+....#JX....#..a>.c..?.....B.0.......D.B...cS..."...7OVi.............$..........V.#,...q..*.(`7.$.,V.,Y].3..9.JI.X.a.Y.".N.-a^_...[...d..rL.E......{xAzYU......|0.J...o..=IG.....1.wT.........b....w..'.5..........xa.._.uMk...lh......W......C.=X0.;}Y`...WN8_..R..Fh).k...PJ6.2..Y...}...)..M...\./...LO.7k..G.v.O..p.4.....fB.$Yy..[6.EJF....g?p.....>kL..l..JZ.....k..X.uy>.....7._....=..?w..u.g....Gv=.V.H*..ScC....Gh."uAZ..~.......T.YPg.t......Q..l.C..[..#.%r._^..t....Zj.\M.F..N.Tp...L.x...lT....+.A...C....x.+..rQy.......z)).Dx...<
                                        C:\Users\user\Downloads\EFOYFBOLXA.jpg
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.867573745812992
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:11D8E4009C59459925D24044B66F6E01
                                        SHA1:6E87196E3E93FFE6FA775CE4DB39FE8A6C9E4271
                                        SHA-256:A40EE24CB48606E7A9A750F51ACCB552CC73A3E345C0D23B84AACC94FA58E1C8
                                        SHA-512:BE67D530F5A77CE0DDFA1AFD8EDE62BF421F3927937506EC5D4E34643D37CC5017D1A3BA486EA2054C255FB20E3C22935E16372F6DCD7FE977934DC604A0E4CD
                                        Malicious:false
                                        Preview: .$..+.~+....j<R.t.Y....+..bZ.....tA......'..*..0b.z.0..v..".k.'...Z..l.. ..........S".Q..}z.nO..dN.`.m..k..._m.L/....~H/\.);...J.......W.......0.;c._Y...MI.[E`t.._.....2X.gV.....6.L..Q{.h...D..........ioW..c.........u......(Y?!.l.(...(R..[..>.A..)....E\?..\z.\P..Y... -...K.bd...A...G...t<...(...4..i.".^..pg........},M.......g9j..w....q....5&k...dgi.0.K6|..._RC....L.....G..]..].Ud.4.BHa..K..l.::..........<...X5]...D.^......0.#Y'&....f...t..=.....?....2...c...$.#.5.@.....'...F......^.;.............$............@.R.^t_....u.E^z.e..C.W../...%`.%.4c...I.DE....j.4s....W^..(....G..."..7%.1......._io..k.._......+T2z.=....3}..^.q.....&A.~F&(md3..v.C.&[..C..EY>e.i.*.|.V...KL....a7O.;. .'b....-.....^$......cR...j;%'.?.......K..hZ..... BZ.i<..}.v..!..1.<.a"...p.O..(....q..n...{x........+.....}v..?.jY?..g`k.&..-.....P}7..j.jG/5.......N.q...r...x.P.]@,..(IDh...V.=.Q.f.}Up....2...u.................g.)....]..A...7...rnh....z.,.p*?z.p....9....~....$.6.tP
                                        C:\Users\user\Downloads\EFOYFBOLXA.mp3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.871811320085611
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E07A2E082DB844C27DD5F087DFB36A39
                                        SHA1:3B17D82E1F28F998C2A55B1B2E022C98A76FD709
                                        SHA-256:97F3794381602F2828C3C31CB1719210877BBC2659B36A344C9F98A3120BDDF8
                                        SHA-512:8FCB9B819A6487068617D207D9A839063A894E9C77B49BC0B7928E2A8E02D118A2130BE7AD432F6B876895167BAF9B744E6BECB72A4B1270100D35D219D49BB0
                                        Malicious:false
                                        Preview: ....Y.+.M^.8.....V..c.%..g.d.y0...4V..........[....L....P..a|..+......k....5%.*4.C.S...|5..c..*.4..(>:...A.=.Y...Qc-T.....Dv.e...L.[+....?pv...^.Q%[+.A.Q.HG}[.\)...........[y....S.....h...74..H(..D....>.....9...F...n....v.Yc;...{..l..nb.0.I.z.V.>D.`:W.5...."w?.......K..]..q.\.\..n.j.Se..l..vH),S .....).:.F.J@...X. ..h.. ../..C..-J._>`.8....QP....R.....Y...).6.czL4...-.N.....M.bYM`hF.'C..#..h.G....B6...6Q....F\....X..,FkI...B..#2.J...>.....J.L.$...UohE.u.s...9+....F.W.......i~P.n.T|.0............$...........N6..........W.)........[..1Ix..EW.z.}R.`..X#G....PA/7?...&s................~5m..a,9..Z...<....>.En..G/.G...-.[%..2.........0#...IaVL..y/XG...#%.2...3)..I..?al...d.#E.+..-!.....O........jQ.....O....@|......pf=..S....'..p.X...+.x..|b3Y....$..-.Y......U...Q:......MzW..w..4.nT0ol$...9.B..=..v.J....7 .C.D....E.TJ....&6....xn.%B.N..U..rtf/SH..q......1...+..6~=.e.+.2...v.....E......~B....H.g.[.j..3..5.s....%...g..Z9..3...q{...[.....V0...
                                        C:\Users\user\Downloads\EFOYFBOLXA.pdf
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.886018826020376
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6B4E1A8623B0967F5C43B60E4DD39F19
                                        SHA1:E2FD678B0E06B52965F6E2129087A052A46BEFFF
                                        SHA-256:0F5C64F2FA67E361728F674C51DB3439802B619E35C4D7CEDA2EAEDCBEF46795
                                        SHA-512:E447FA41ABC1891904D6573C763E5192B51FF3EA57726CDD8BFE3DEC28AB3B8F2B93384029BF72049EAE71B7EB62473CDBCC2C051B64DF60255E63921EA67A3A
                                        Malicious:false
                                        Preview: .S..jYK*.?J.w;HZ..rr.x.wN....lm..g..m.m.....]K...y.C...B.kp!...l....u(._ ..........O..I..O......I.....d...... b......hA..cd....B.d.ZX..H.X.a/......e?..>@...^E.....#....,.q.U.0........+...A<...t.$...$....l.^.;1..+.......F...t.*. ...k ....XgH...o.=z..'.4KX..'/Qr.WV'..0...]...........0.;4$.....A....<..o.#9...*m...#..@4bu...6..~?.s......,....U......!...H`.1P.)...W.....<9)...U.[...s.....p...D..?....8..C&...U..V.v9..Pv^:...0.2)..,c].......I.......I&1.y....U.yu.....~.x.z.....X..rJp...x................$.........]c<..(R_..b..eJ...A.|.]...f.t...y...?...wV...s.V..-.~.M**.J...XG...`....2..xL......]VW%I....E.?...c..X....E..Q.i...K.L...1..+...dZ.+..`$J.kt&.u......m.........3..#.B..W.p.{...8-..K1n....L_.b,h.kH.].G... ._@.SA........<...b.Zb.I...l.n...-..6X#.#2....X....u.\...,.P...'.:.G....S.Yi2.m.9Sz..n.....sTG_...L.*..T..:....nx0q...*e.Yi6>......n.f...fr..;.gRcS;.m..vD.Y..H1.N.~!.......6.....T..cj6J.....{...{.@....~.T.%!.1.....Rd...........QZ%.1..C/.-p-...
                                        C:\Users\user\Downloads\EWZCVGNOWT.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.859687047049992
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6EDECFA5ABC1C2911BFE1B4498100251
                                        SHA1:242528CA9DE87F86F5CE9D998361D54D40C55D44
                                        SHA-256:CD29CE547AB3EE89271ED6655EFAE2E1DCD2D65F4EEAF08E2F476784A157429E
                                        SHA-512:385B68EC15334EC3D8B98684D067BE5A3CB102DB3BE49F467AB68F253E9E8F69E8BCD3C86CB98E9D43E3F544D15E97DD9F9825D7C61918876AF638EA50278FB7
                                        Malicious:false
                                        Preview: ..O..%.....E..)v..{I....y.S......lp.....{...Bp..G...x5Z"...&......9I]P>P.<C..O....A,!s-.ob[E.....G.\).$...0.\.B.5)..,\[...>...).)}. p/..t......;._]..P..N....~*.....Z..@Hu..JF......R'I.Q...8.....l...E?.Ov...n.H...[.H...m.k1t.f....|v;.3.....B..*:`...F.<.&.~...7.....Wl.......h~C......Vro..eC..z......9l..9.5..!?..v9@......[.5..&.6....)....h.D........KeyEA...U..O.k....Ljp.D6...p...E....Yj.v...l..WnV>.-..%......%|L...........`.as...W......z.`W.f.....+..z.M8.0h[.!..].JLZ.St....*>.<U.....D.H.............$..........."k.m...(.O..W..[..qq.....-..jjx...f9?.;.......;.t.O..y.X...y....yr.C.....I.X.....D...~.f..B....9.:)..30.A..R.$..q........z@..j../Hi....e......j..0|.N.f.....E..)YcA^...0............YnQ..&..g..D.....!m..p...!G1xP.Wx.p...L..W.J.6....k.nXC;.......wxy9.wk\./a.E#w."y.../..K._....N..!..4...$...g...N.}.$..).-...`......OSK.....1..m..1..K..9.9.z..5..0!..i../.w.0.(&...@......~m.H....k%{wW.\.?.k..../........{...},.@Y`(....uMO4.P......T..rC.....Y../
                                        C:\Users\user\Downloads\GAOBCVIQIJ.docx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.87752277557161
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B2AFFCFDD523DA1DF8625A76F87AC9DB
                                        SHA1:61E22E247F67E747637A0E709BC52F5EE693E359
                                        SHA-256:15DC42AC4439BB0E77A8338BDD51D86413372177CF3926A4BB1F70C71C499312
                                        SHA-512:43FA49C1CAF4E38C521C45F400C10BBAA5C04DA23B42069F534BC85F9EC2C538C171DC1E318E26368948572F3C415D659F897124898730954ACB48672EFBF7FE
                                        Malicious:false
                                        Preview: ......j\..>.Y.o.t.1.jP.=...6.@......0.h..c..{.a4...6 ..hBf....+.6....[0.4..$3.........M...:..E..........9O....P..&4.m...U.P.j.M{./@6G..x8.(..S.lRdg...PL0Q...b.?..?.x...9...o.....S$......b.......z....y.........uI.R.....S......$f...4..w..>..j..a.....8....y...qy....PBwJM..E...6.&.G-..R&.,*....r. ...-(.Ba.v'..m)Z....dj..R..DNJ...:...LI......t..dlm.fN..k.C4_.<G&].%...X....z.-.e.X.(*......5#..i..'.d..)..q.`0....=.Z#O?.....+".jp..R....w..^.;..161.....[x..v..:.E.#1R.d#....._.b.....3............$.............a..x..i...$y....../.|...\..[..f.....Y.-...,.....uB.'..M..Q."8..E....j..w.....=..<.8y.f.._.Yh...=...,1A...^Q.t...A.^.Q.G......E...t.r.<].s$...1.....MM..,o.U.Q.8y...4.I.....[.dY\.E)\<.%g..P.%.D.._..O ...X ...4...5a.8X...N*. ..r~......a.M./..Zuv..ug.Z..v....d..+..._...._....r.......P....:..5=.:.."......**. 2T.O*.1.l.\.N..=S....r.a..w;Fv...m..-N..9...">R.....A&..N.Q..N.VC.....i.a....B....._.eK`6..{.V...r........7.+wR.CZ..)....Y.....`J...\...W7...
                                        C:\Users\user\Downloads\GAOBCVIQIJ.xlsx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.86890338453674
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BBBC8B17926B9CEB1C6CFD47A06AF7DB
                                        SHA1:81917DAD350596EF4FF718BC4FDA64BA8EBACBB3
                                        SHA-256:C2DEC422A96373452103E867AD18BAE207DB374DEB89C33E7606681F3DEDAC16
                                        SHA-512:D39EF7B1473DA996CA7014DA812F549C0F2870C7DDF9B2FB574BD6ED812574B599865A412FDA23DFC37C765D9EFB18A4EA670C74D76EB552AD22532A4B26DECD
                                        Malicious:false
                                        Preview: z.V..L.....Om...5H..1......,$..Z.~.\...L../M..5..d...ts..K..F.......0.b.f3.?G{S.....6i....t.y...OiX.RB%..H....3.A...8.]....{jq..S..q..3..9..~...#........Q.^3..1n6(.+E.nf...{w..yR.$..;.W;':=..4.3.....T....V.?.l..^........oW..~.^G...(.....k...J,L~s.I......A8.q.h..M(9..Z.s..N+j........S.:l$..@.N....OM.......Q.....&...C..."./.Y.E.......X!>..~f%{....[.p.;~+....YA9X.nfOp......qH..dn.p..2....@....C.0.6.x.y..%.......sl\........a.<`..e..8Tuz|e...8....T.T.!.foC~.....V......e..I.e'l._<h;g...&A............$..........';...>.n......A.v.w.K...-.....W..=.(.P.....C.B..D..1.I.'=..,.U..x.AF....m.q......D\....SY....x./....5A....S.?.$(..D....?M[...&.P..B.-....6bV.C....8.,......).q7...".U..6...kb..0O...~./8T....H.#R.-....."..M...g.G".r^F,.......3j.Z.E.?{..6....~".:Q.K.6..L&.,lSA..V...Y ..h....n........'@...R..W.l...@q:.W.Cg/o...GD...^E..L..:b:W..Pi....?.....v(.u....Y.E".7..Z .m..\..5s..%o....}...o075...A2 jv..5'0.t.%C.a..6.t....Z..[..o....l.5...).&.c...
                                        C:\Users\user\Downloads\JDDHMPCDUJ.mp3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.848947659977766
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:112EA9F2609AF72CF1E6E9DC72EA19E9
                                        SHA1:D51A0A637C9A130D3C013A2794635FD8B0221737
                                        SHA-256:C338AFB441F6398D4E8D72D81D6DEBD8D86B726643FBCFED3180EE5C5F9E108C
                                        SHA-512:59B5EF9CCF51A6BF9353F518856F245FFAD3390FDD4F2D11B8D335D7E7FFD5CEB059215574DD31C2841059ADA331C3BDF983DC00D32EC0A9E4E3F2141F54B49D
                                        Malicious:false
                                        Preview: uG..t..c^u.!......k....3........J..k...qf.R-../...d[;N.v......3N.j.........).IR..!T.bCk*...Rb..-.!^.'Dh..}.......p.W....m.+.X.m...P.#.*5....*;A7.LO.......o(..^coh..Ks...<4.....!/.$vjD....4.||.cWb.|....6...$.Z.m..c.dD.p....:...Y.&...K. L..9"u.;@.T.VD......I...=...D.._.Rc..;....C~..fwM.L.....A+....hr.......<...@.Q.!....$....G}..Wx..c.E..Q!<...Y...gv...*..+./..|.....A.Q.j..1.....rxO..;...F...b.[.j3y.+..........Tk6.>..'M....a..)......z.+.......?G.........$.Z+-R...K.!......"Y.Z.nm.Zy...............$..........%.KP.(WY..>..Gg....Fl.+..f.p..dpk<fMHn...}Izx..T...O2.X..Z......O..WWC.8...s.{...9..$K...n.^...:?F.d..i$r.8..`...A*.......z.......>"v.7..hc/v.a../.{...k}"uq.F.D.$................r,......O|....z.2.N.X5...p7...e....>....mj.....\....'..w5N...`..2....)p...f3.B....C..5.r.*.I......e..1...C.2%......K.._#..\../A-.H].*D..6.r.j..a..O.Q...z..:#..M...Q6...t._.<.&..U..}z.(fK....3I(.&..K.........~...e...d..2h?.or.^..>%c..oO.}..$_.0..4I8=.Z+.R.....f..
                                        C:\Users\user\Downloads\PALRGUCVEH.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.861167559895783
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:81A43469B06025A71AF7F72FDA9E6518
                                        SHA1:CC1390D37555C6EA15D750043EB291617A692B26
                                        SHA-256:491392442B147F16C4BD19B9903E2155FBCF71872FDDFADF2C905CA8067E7668
                                        SHA-512:6673261B4B26D7A541B2EF08C3057356F17C0E3BD6FAF885AA53A2FD2B33E9E967075DC24646DA86C0C1E534C85B5665A7D737050A7A1321F45C33C06B66109C
                                        Malicious:false
                                        Preview: ..2..~.....Q...y8_.v...u~.....ZI.I...~.d......U.F.S}.,..H..w.Y.f.?.ld=...B].....}M....B....x..*s.t.".f.L.S.5.'mlk.w4....}.....q'..PI........f.x.5.....q../..4n..1..bE.P.W.....=.......G...Tz4N[hb....|.$.TC......[..(.;.N....m`H,.s..mW....~...,.-..F..$..#..,".Df+.i.k...2n....4#[.X...3.>.FYt.....25.........'.R..`O1.V....5..3...Xt.O..Q.1.$.OT..G.....C2h..j...Q.."q./...YRp....*.X....R..N........qi.j7m.....U.zk.d..8.cH..:+3..:_.Y....V.1$....t.W._30./9..S..t.}._.......,:}l...`s7.b.k=.............$.........z.:.....c.?.u\...\!...N/.,...N(.....56......Q..X.K..~...M*)......S*j....N9v...1.)W... .3..B.B..~-.,o)..RYv...?...@...>...7.[n..i.N..a.-..ej.i+D).z... ...5R..X...7.%p..8q.........:-....s.q2.....-.!..).......[:X.Q.o.....6%...z....V.+,.O..O...MH.|mr.*"}.MM.cC.K.....=.0....ix..g[..c.... .c.z.o...8$t.g....tX7...X.$.G..M.>Qv.H...a.!d,.|....Z.@j..zkO,1..3...Z...Wls?..S...Q.o...=AfY...zo/9..YT...?a.....PO....2..U.]<..r....s..z..M.s.oy+.`...i...3....dKsd.?.
                                        C:\Users\user\Downloads\PWCCAWLGRE.png
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.873631393606767
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E49772380E98DA05D9E9BD0BC5BD22C6
                                        SHA1:765362451886FFB5FF3687472E8F5EC07BD66B5E
                                        SHA-256:D7CE030E56F1E38A0A4CEC26289A36308F3CFE6D83ED487509416ACABEC0C7D1
                                        SHA-512:528491C941D54460ABF5FBD90C1AC67D5052D242ED9F76B9E4350E8E2725E0E01A2A64CB277F25890BBFD99D27FE9C41BD0B254D119315470B11B5C808573C6F
                                        Malicious:false
                                        Preview: ..U.8...]..u..^...97.4..H.A...1...]_. ...S..Y.+K#.k..p....[..Y.g...D...fl[.?..!C>e8y.%8<c....^s.jz.1..M.*...."...p..;..,C...s...\A..57>.._...+.DN..P..m*..g...4.?%...QQt.=.qo..1..b........u.J..........T.F....r...,.+.\..y..^...aX....cP_:j.=.@z.b..wH.nt....n...s...b.g ...?E..6..H../.z7%.6.._4...l...eW.F....5{2S{b...i..kU......._.".[@.<.:.n....4$../[Z .);..2....D.M.r.2.....`..}#..B.m...=....Ns...U.!.......Z.T.#.0.....,.....}.T...+b....x........h...movh...:..k.gD...N.4.............$...........m..v~.jc"......N....7J.D.U."?....h...y.v..<8..sW..r.o.X...h.#U.J..%..D.{^........*..T...7>.^[..F.S..{j.......7^.....Y....q..y...?/..;..FR..3.L..l-........T..*.8..}...6.F3C." ....[ph.....#.....H``...@...{)..9.F.U..sV..W.{.'.:.)'hY%...w.={....g..,..m. ,Gq....0Bv......)..=Z.x..F.t.b6...|...0q.K...T....P........)..."....%.0^..rh..........jP-i..qP.&....clSD.>?..B...&....]...v0....Y4....y.x]@..c.A..IK5...-dDt.S....|w:...hCE.)2*.^.i...L.n..k.S...
                                        C:\Users\user\Downloads\QCFWYSKMHA.docx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.867871383181905
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:FFB23FD10E5444E07B51F45F51CB6472
                                        SHA1:4F10D7EFDFB95941AB73656DE2EBC66F4B97C6E9
                                        SHA-256:03FAA81625C6BBFA034D0CA5073B553C75EE28F505B724073B451FDF76F6240A
                                        SHA-512:C6A2DA2E7AAB29AF115AA626C1513D2C724EBD4D24D636026CB83994A5B29AFD20787F926D8E7BD2591A3F64216A79E2A8CD4F617554E365C66627FCD880A700
                                        Malicious:false
                                        Preview: d....X.Zt.{..7...l..5.3..v....'7.[.r..o..v.^.r:..O.....e.*....1.L?..P.q..1.C.#...y+..K.V.v.......A..b^I.T...\..x.... <.#... ....x..........V?..g.."..o./>...;.....1.ry..sh.X.#..tFyq.Yuo0....a..........-.a.)I..(..#'.i.3.f...kE..5..5.H.zm..2q.%JG.Y...O.Y.OZ..\bA%....8..R..EA.@...>.-E.......$....5.E3. 'a.J..).X.s...,Dc..Z.9.5 .K}..`Y.rr.0...z..F....CW.....T.u.[.+b.....F.....F`.M..9.O..`I.k..cd.....8.9^......!.......".u...m...(c..!...i~. ...9K.M.a.vU\.i.J?D...\...lRnz.)...xh|.,.X...OE9....(.............$.........c..1.N.Yo.E.........{.|.t..+.~g/"z..Y.?_W...DP9....%.._.!Q......7.z....Jp9...e....)o......v....3d&...;.Lt..n.U],oi~..x._.LZ....+...~..z............';......NDWIk$2...pU..V,Yu..l\........?@<...:..b.!......7......af.4...Y...sah.C....*+..g9...X.M......._......H..E..j..o%X../.&U....wZ'*"..[..y...?.$.dB......"..w.g..6...b.D..........70I....W<:2......N.FA..5......'....\..w0..v0.j.g.{.<.z_.......9....T..i..3...J.)dX&.B^.a....~...~....R.w......
                                        C:\Users\user\Downloads\QCFWYSKMHA.jpg
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.867054705466426
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A1E223A5CF9FB17A3C539010CC8F7681
                                        SHA1:64686137A251FC965E3543AC86EACFECF052BC74
                                        SHA-256:75B6BBEC1E66E5ECC02F725D79048FD99401A122CCE3642BFF841ACD5DA5F695
                                        SHA-512:54DC921589E82B1A352622DB1C5B1006932E82712DCC16E5EED98C9F48CB7B173A6D06335C4AD7F5935C22796572CAAAAA1AAF825D4B777A7CBEAE48E6E722E3
                                        Malicious:false
                                        Preview: .........l.....cn.D..Q....k.............H..,..q].....|I./......kUi...}.~S.....Z.T.B.#_e.........P|......=IQ(.q.....i..P$l.)G+.....?..E9.R;Wy......w.?..A...a.OQ..rrq/....p.j`j..;...w.F5..&6.*r.d8rYh"..o.._s.Zma!n..+.B..m.....o1.".=.j...2.%..jF...O..6w./$w`....B..]g/_.Z.#9...N.'...05..O....8[......q.......(.`.n.y...6s0Y...rs.M.P...I7l.....&......m..g.v.5..M.r.)....V....../U..N.P...A]"....O...y.rgM[1..T?...,...........8.5...I....8..0..`...W.[.jiJ..r..xf..,L 22.<.J....(W............$.........JO.(..K....[..-...9....y....J.i._..}c..E..+v.3J.[v.. .K..I..T`....e..37.w..)J.M-...Ag....r..T{V|.E./.!.95...6.f6.%.....l...?q..:X....)......#_~....R.......8-..nYN..w...dv..:.n....B..$.Xd.u?..Yv.y..(.;.}..~ ..8...c...k.-.GT7..K..L\a..\..70.#..*T....'.M.n.....}...3IpZ_v..n.....^`....[.k.0ISg.....C..47..;l.m#.@.!N.....cGe...3\.k_M.G..S......T..4.`.].....&.XV)g.9..;..X...Uc.'^.y....sa..y."..'....:&.;G-.....[..]..).9......L8......."!.....K]..V#..
                                        C:\Users\user\Downloads\QCFWYSKMHA.xlsx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.897007862673741
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:EED394D6007D7EBCE8E2D23B1B26BA54
                                        SHA1:C0E489E330CC639DCC52C0CDAA0F097E5B786A48
                                        SHA-256:E7CA0723D5F6421C7C6BC062FB7A329F289D3CB6FD5A8DF8F7FF64C958DE85CA
                                        SHA-512:E261DF49412CB22165269511775AD4E28F5384245CC486B8662C8A3753DED78B9D4D22FD4E93FC6B2CF743A528E6F09D6704C35FF8160688F2B1E485CA610CA2
                                        Malicious:false
                                        Preview: s(>5.[.(..?...^....%...E.j;Ga..z-.zaD..C{..{.....;A.V...;...J...~..{..qh..J.$&..$n..;.).,....sp>....u.4..r..=".r.:...3.'....%.b..E..w..V.C.........&...w.DTN..H!..X..X..UA.. ..c.........;{...i....=..E..;.j......w.V..Z2Lzx.L.A..(.u..0.4.D.!...T/..g{...Q.[..\'...NN...H......M..+..P..C..)8W..=...@....gT.V..X..;...=...e......q.h.>3.q.h.C..fp....Q....?j..pi...D.J..W..SV|".n@..o....y9KLf....g..e[....@...v..wz......K6../.&.G.u......N.a#T..i.7..$'........O.-1.UE>3&'..y..`t.a.R!.5$...vw....;.B&O.............$..........[....GZ.5w..!...!...c....>...Z....Df.....i;.h..E,.?..%.&..G..j.i.W@..v5*.8..FGe..#..n8...m..........JN.^.\~.x.F?1".=.....r....!.v.k.....dy..$.......@......1.1.N...._./G!..}....W.2r.P.k.pC.=Xo..N.SM......mg..k..)q...'..I>!....U...o.:_..Fe~..(<'.%.....G..@Q.....#.M..yb.{..............'.........3.QhjD.4.R...`.UY}|..c....&S..O.9.{v.F.=.u.!M..hP..tb..*....T`....z..E.|SZ.f...~....yj...^.u/.L-dr.H.rH...I...J......yC.W..$..Q@x.*$.......:....t...
                                        C:\Users\user\Downloads\QNCYCDFIJJ.docx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.853924689063362
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1B73EBF45A91B26336848C9E67340F34
                                        SHA1:B7E412BA70F9B37219EDEC200A1AE91714D18322
                                        SHA-256:C89CA0F1A58607EB9F944D202C1993B87DE0467D480E82555FD02F6CD683E2BD
                                        SHA-512:B8180F7EB662A7D280D213396913AE53EAB5BCCAB7657D52A4D583D07DA47A66B77C14B01D0D03F238903A450B2B8483CDA0F1DE31BD12F46760F2694927A873
                                        Malicious:false
                                        Preview: ._a...9.....Uq..<cI..x..f.....*w(I.=\".?o.j..z.`3......q....i..;....+%...i...FS.H.U...p....t6.l..['.q.,["Nr~.d..<R?.].d'.t....A..[.w...Ts.UJ.....:...v...a..{.h.L.%...Q..-.h.J.~..G..#....a+.<.[.l}..J.M;.X.S..%"..A....~pw.@...oy.h.Y...u.^..5*..J6.f8Fm......6C.o%8.yx.G._[......Su...W~.....h...9.cH.4......m..Q0...-M..i...:..........A.f.....1..9X.,..;.bH...BZ........L...IbN...A....\...I .Z........Q.Nc.W..T..W.u.4.p< ..i..r.Kn.....I$:."l...K.....%...M.o..N....bc.1c}P..{.*s.V......,.Vn_.x............$............%.R....z.t..R.-.v....p..V.....'...s.Pv8Z.]..Nc..h._...m".$..........w.x.....4.n...E.vY\Mj?B....oX.:.......C...../....e...?..,q.....l..6..A5*..D..|...6...o.d..D....8G..l6..Z.....&...q5p....F.s.........y..#.~...I...?.. ^n.sj.....M.....r6i/..4.....qm.g.c^..C6Q.B...H.....D.....k.D..Y].....qOt}`...(;.r...w.;.D H...X.v.5...puN<a..F.Y_.^g...y.){6Y..N...`...<....\.j..'..i....R....Gn..Q(> ....-..&+....^{........._..j.%....9o..$.lum...*...g.
                                        C:\Users\user\Downloads\QNCYCDFIJJ.pdf
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.859970753107935
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A93BD113503F0ECF7E2BDA37D74CF733
                                        SHA1:ECFF76712306B51DEFA582F14089F170B8B58AF6
                                        SHA-256:FD83404657863F6AF7BD74A295FA28497DFC8A4E84D2C6DC7E31005CBAB7DC4B
                                        SHA-512:5C8D66F0E94164E93E2862BA8034C3FFDBC7552C22B9DD22BB4A4BC1120B707C92D2A303D65ECC3EDF008469C40D8C0E610E4C51A6CB597EF8EE38164F638044
                                        Malicious:false
                                        Preview: ....B6.y....7...u..=4...hs...w..uM.x..V....B.}A..B.e...S!W{..Zj....3.jX..G....e}.d.s..6.\^SH.>...AZ7d.`r..oi:.).......(..Uw...HzLP.....A.&k..j..J.1.u....\....!.`,\<.@....Co....'.z..K......lm3.5......i.DRZ.m.....l..l.i.+..........R........C..`..b.....8.......U...Qs*..... ..6OC..kr..F..8.1.J...S.G@Y.."....;......~..C..H/H66&.H../.S4.F.$e.D.y.$;.....7i.(Bi.$..H..@...`.J(..yz....qT.....l.....3....X..-..].,....8.w..o..]...|.8B.}..........V........r..ek.KV.q..i2.u...[.... .\V.....h.[.AM.............$.........A..^3..qZ&.}5..=..{..=.\v..XA......%V].F.^.......c...)..U.N)....EG..e.%..<.....4x.N)..U.bLAP....C..S.\....i....:..R.h(..Zk...:..m..|...&b._2A......m.............5..iH.(qSdA...`.l..%c...Y.tg.......4..#..K.#ER....;/o..[.hMiR<.U.,....p.....6....hT...e..p.6.....yf`..R\.^....;.9...........[.../.,..nPY......G.7T%.$w:XC..&....,q.M...3... .<.c... ..kXwm..!>............;..W0......f......#.` .[.........4r....+M...$...E.q.m....;....'.p..}......E
                                        C:\Users\user\Downloads\SQSJKEBWDT.pdf
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.8689005038413935
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E20BA15A1AD35C45C6E5B5FFF8F1FE07
                                        SHA1:010D588365EA6735DCA5D97920D40291B5183CF3
                                        SHA-256:7C92DC1DD7B35875E6A785F23E606F13019926158AC870F70A4AD0BC90392D25
                                        SHA-512:27B9C5BF8B4635E607E2043BF449FD5EA786FD0EFEB93FA48829A4426C5741AA9977B0C64B1E33E9FF5317D33E0442F3B19DE4BC1E968B50E89CEB22524DD566
                                        Malicious:false
                                        Preview: ..E.D....h3 ..[4.!I.........y...i<}w9...F......"...Zx.)'l..>.ZC..>.}..SM.....|5_.C...d.\w.yN...4..^e..=..hG/.....LqcI.o...H..'\...}..^..^..~%.c..m..}E...v........#..M.A#.d.Ol....y.` +|%.....'.y'c\..J..s.e.w.TV9...{..&.....{;z.X."....A.T6R..6...4a.r.....aR..7....'.b......x......<.>RyW..(G`......#:..{..g...#.a..O..vh.6..8....t.Rx.[G.J.Tp..~%.,..D...v..>...8.p..D..).6E. ..C>.ShlpA.s.A..jt2.x...V..........9\.a...>......L..."....Q:..t....:...B,..O....b.........'..Y.G.m....;..;,.............$.........aY...w..?#C.....o.+..P....v.,....D .......6$P.......g.`#..1.9Q..._?.$H..r.....`...F..........7...X-.y_].rM.$....0...........'Q`fJ#.m..."_$.f.... N.L...4...'...Sat.\.......5R%..yX(..m=../....R,..M.{...}t9.*&.e.)..*.......^..D...9.)I.Z...U*aX...gj..K.;S....?...hb...]A.w.a....V...|.."6.'@G......q..N+.0w...`.A.]_NbX2H..h......x/.Hiug.GQ......3;.!E.......T|Xb...]...'...9...7}..m.. ..||qt..O4.`F8[...U.R.UY!o. _...hS.E7/i.....Sy.L.....z..h=...._~.
                                        C:\Users\user\Downloads\SUAVTZKNFL.mp3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.875497318818104
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:97482E4A10F90F053B8D64AECB7EA172
                                        SHA1:F6195CF1344C02E8BAC5727BCCA4BA0FAE1B270D
                                        SHA-256:B761243793AF53DCE9FBBD465C918014457806352C28AB4B28B362AB69DD4258
                                        SHA-512:AAD3DA5215274AA4A09B1CD0E83A6E650A7C51D7A1C3262322FE2BDAF9D18687D901C27906BC7EF06FB0F012AAB435EC74BAFC8F874F92D13BEC5534425EBFE9
                                        Malicious:false
                                        Preview: .R>...&..TQ..@zh........,..b..?.....^=...hK.nD......ZP........(......l$....U..9.......<N..:.{.....e.._.1.*..~....i.|[&....m.Y....@Yq......h$h..*u.H..t.mtB.K.[.H..:.|.%mT.)|.Jz.w.m..4.8...q54.0...2...O..E.Hd...my.F.% ..$..GX....kw..u..j.Y...9.]..(.a)..4..H..|.T..Z ..a+....<....u..........W.c.z..HM!..H~.T..;.[.^fZ..../.......c...[.......'.F'-e..2G..J.12..;_...x?..$...)w..._.....1.%..$Kd.~....U....Fk.o..p...G..v+.T...0..g.....Q........H.{d......N.^8.Q3Z....bP..bx.?ty......!....L.^..2.96.............$..........hTr...{.K......\F.g....].....B..yr>.X.2.z...0..X.9S.|...f..s`.L.......u.6......a.I1..?[5.n...G|._M...{..F.q^=.{.532.+2.....G..{........Q.._iE....x_..J..C.....mhK......E.r.%;F-.pw....O.j..]7..\....k..&i.*..4.@...C.....I.$[..f..v....G......2...D4.g4.oG.q..,...7...q./....kahPE&o,........F..&&..3d.j..z....F.c..Xr.pI&x...M.2 ..1=.^.......ID.%.< ...{..A...Nb..s.q.6.....@.w.t....E@L..'..UV#....\b.o^..).G.cD!.[KjI...a#..w~...4........rnL..~.
                                        C:\Users\user\Downloads\SUAVTZKNFL.pdf
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.849045066491831
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:93C0B93098DC028DC166662EC2913306
                                        SHA1:56144F8CA11114D8073CD81B2EFC1F985D94DF36
                                        SHA-256:1FFF3043E077BB47BBCC5214E92F46455FF5DF4EAD0A34C98D202AB15D70290B
                                        SHA-512:9F4B19671300B564B164288D2D48EECF20BF3F47ADFE5FF88FB370D77B9DB9EC3AD20D0A55BF42678AF50AD709FA66B865F127D9A4D3B6A6C2E9179006BFDA96
                                        Malicious:false
                                        Preview: 1E..<.Nmu..9.Tl|..^...y./!.E..<o.....E]fo..5......].A....2.i..j;?.."...~..w........^e.) ....t..P....././....7....X.d<.a..".mk.wz.'..3..K..>7F.fXT.;.cmu.."N'.8....@...o.p..C....*...Jal............:....Z.....V.4|.Z...6.J..N....q*`.....&.>....H.z%.v..$`..PX...........?...f......Sja...... ...|5.^...P.....)....'Ob.>i...;R..S.E...j.e[kY.`X.rO|.. .EqD.q.'.I...z.$......Kv.....d......J.Y..J.S>.R..f...I....l........U<.yx..........M.>..c...2.^."vU...'......U)D.+..R.K"ap..../...._..p.............$.............b'D..-&bY..@...QS........MK.k&g.h....v..X...?...:.*.q....t..P;U.........=]2I;..$.!....o.-.....(.$/e...b..+al....-2.kV.......ee.....\......mg.m..J..1..x....(..~..-`wC.$.j.l>...f......O%.g>.A...b../...E@...s...Or\..$'m..,...]..g.+...(. ..p%.._..t..x......|.).....-l).I..Sq)$...n/......_.89.rG.+.(....Y...@.&..cNOW.w..W7zn..l.D.>......\...2...FRuf.....y..d.o-x.3..>..F.H...B?.GO?.....a.(...4....}.?=....v...3./...<\.9h.'....l.-...1V.5.
                                        C:\Users\user\Downloads\SUAVTZKNFL.xlsx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.85317607718459
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:47D2342A68950B83DBEC7E70A1027BBA
                                        SHA1:DD0C67992B8D45C352FCB3D745276A0F37736A6B
                                        SHA-256:21FDF27E2F7B5EC8C8D9E0050198EEEFF2D0F312E9D4651D46D6237476F8193A
                                        SHA-512:BB394F9DB8B31C670FA9142BDB10C6C50A760EA89DED459A2B6005C2AF8A23E752080F8428356A7CF868C69931791E39BC5D4A9156393B83E4F0C73872935FF1
                                        Malicious:false
                                        Preview: 3a.Dy.....J...J.....2 r=.~..49*O....].Q*...s..$.....zl.4X..0Y.....r..%.dt.J.>.[^x..KZ....8.}`}......6kt........v.~k..+0#}ED;.m.Z.NFik.t.!8".I......,bqc..t;Q.....d..1~..DH~@z...ZB'?...x.W..v..&.....j...gu...j^Z#./g.z....[.b.->...b.w....h...@..f......^.k.0]zE.......rA....Ud.`......K..\...c.].v.;X..e......1k..."........,a...R<.[.8...91 ..u.+.....v.%^.L.f+....b..0....eWu.%d.x......p.-...).........-{ ./v..}\..8.v.V.....~.n/.._.....u+Eo.n..=..TU.{..?..M...P..y.......S.V.....Rr2...:^.7............$...........[.A~0yr..........C.C...C~{.B...Z...i.|~..9Z..u...Xaf.$....2....(.C..&@..<.+...N.........n..A..0...w|.....Sc*..Dt.\.....+.D..:..g.....+.{.@...*PUH......O<@P.{.Zc....w.!F.......%...j.s.j....k#h..n..p.6.y-........E...Z#..6.f9..j.Z..i.......?N.u.9.e....._..|.f...E$.....u%...g......J..H.W.^,..u<.3..FO......I....].,-.a...n...UD=3..J...Q.W....@.H....G.#`f..J......3.R..,*p..@...J..H.N....]g.....@.<...$J.{........Ts.({avo.PS....p.:.....
                                        C:\Users\user\Downloads\ZGGKNSUKOP.mp3
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.856361052071981
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9E1965763BB22F4D8BB766E4AB26261B
                                        SHA1:AC7F61152B0D6F3F6D706B4571FE258493108638
                                        SHA-256:19CD4EC48415F33E299D76085089143C9B0B2C1DAF62704D910E7EA3C4924717
                                        SHA-512:3CAC1AACAD52EBAA610407FCD9A5D8653A6CEDB814CB2EC0C790EC50EFDD2392297A96A72D1001607219986BF28D96F97A1D5C8A869E7DA1A5365BB9D74E4B65
                                        Malicious:false
                                        Preview: ...UD.K[.......%+.....).)..W.s...<'o.v...drG.].c..8i?.5..h.<=..M-......"f]U..'.j.....5@....oX......&....3....'.....3.qR../...L.hYEQ.\+.q..V....+%.I...&...|xP.z..>..tP...h.2..b..d[.F.r*.g.....E.l..'..M.yQ..b@.|W6.uk+A.D>&u..KZ....?..B8.{|...)5...]....HQ........o.Y..._U.Kho...$[.df})].*U)._.uof.MV.hf..j;Q....E...Y6..6..?b[>....+o....&..C..[...f.......f r_.|]...8Vpl..D.......b.Ot...#\.c9....+.cQ.Lv.9.O.....b.\.'.z>.{..v1u..._v8c3.e....S.q..t-C....2...(.X..}.Ow.O1.()'.(....M......p..Q..7.9.s............$..........m.).T...eR.C,...q..LGLH....P..7~.(...L4O_..z...6.y(.0..r.u..jv...C.......;.i.;.p.?b.........vYi.q2q.L..'I...j0E....*..?@.c"..c..T. W.B..A(..B~K.... kn.....][)..K.....D..........`.........up...\n.MX._.hZ..t!.m....~.4"X,.j..(.IY......z;c.....YD.....i......n_.5|..N...Q..l.%..k...B.!<q...<a.)..7s.....>H l.....x...d.V..].4.......1..s i.7!...g.{c.M..K..h...3.AMM.{&..t....#.eI{S.J...k.p...[Z..2X............bT.......K...ZZB..=.Rs.j.l G....~.U.....
                                        C:\Users\user\Downloads\ZQIXMVQGAH.docx
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1560
                                        Entropy (8bit):7.858855249774007
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3BE80A5BFF62B4019A9206F865A08815
                                        SHA1:5500FC63A85ABFA73A6C05FA33A900FBEAB6696D
                                        SHA-256:FD7F37492AD8357E10B220D18C81479935445478740865277C71B629265B181B
                                        SHA-512:43E925F42CA2ECDBBD25F40A7E6F3DC2CA8D6DE64E8D99FBD43EB1E731C08C4CB517490F52946134DF97E5A2F69D2DB2AB85843F6EF99F2F277B650B65492734
                                        Malicious:false
                                        Preview: S......W.W...A......{..I.hX.....(o..g..aN.a7......N..$....;.....M...G.'.:...=.e.....cU/................`3j...6b+.....m...`6..!..3-......w>..~S....m2.<.#..#.....}....^..z)F.%D..I...3T...N......kJ.3S...%..,g..O.7......5...'=..(.8....c..(V.........z2v.*........|..:Y..E pj.....3.C y:...&7.AtNcSwZ..+..T...-4/.+.....)|. ...N.A.U..9I7..]:."......d.{.W'..w.@.......>9...m;.&1..v..$H......Fv.....$/.T..peA...\-S.k.1G...........Q..V...!..DF.....#/9....u...G;.,i1..!..)L... q@l`d.a-.".!.P..}...B5.<brO#.............$............uqy..G...w.s....b\g..R.....k.o.A.H.$..U.....s.z..x-.....$z%..t^.kB.("/.G..G..n.Q.,x|5...x..a.@+q..B......ZPb....*.e..p...X.r..."H..l.,.[KU .A...iP.......3.1T...*.G!.c..[.M.5....52d.6B.P.u.5........._J..@..Q.n,e...Z...6.I..c..*..O8kC.^[..R.X....|e9.9....'nY.../.3..B.....`..#Q...H.9..=b....t............9.5..+q..~l...=.......7.@..s.".v....M.z.]...CC.i../U(..#..RX.U.z....U.I-*..&#..Z`....S..!=}e...0..,..}u.!..@...fF..-.j...e......bm..y>..b
                                        C:\Users\user\Downloads\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):816
                                        Entropy (8bit):7.660339621637094
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D113B72B7DD307B6275CB2869803F1D3
                                        SHA1:8D4211C1180961A71F3DB36005123FE4C9EFCFFD
                                        SHA-256:F331D16756170BA6C6EECF8591B077FBE8B0C245311323F44F448DF23133861A
                                        SHA-512:D493C31C8C4E1939D599936469EB2C4564804FF729DC4709E2F5A7BC358A8F79C51793C3824813E831713809689EB9184BE28002C209D3AB30C6FD1BA714A1BD
                                        Malicious:false
                                        Preview: ...E.>.....[. ......!.......}c.:....5.....u.?#..U,).w.<......a:..?..Q......._.U...?.T.q.....cD.V8...=.d.o0.....,.4.z..L ......uNO6.......3}.o..0*...q.#.[.....+.+../jd......D.od...n}..s..^.A...70>x.v.+Oo....qc.........]...K..p.]..N.<n.0....!..2n6z:=A.M...6@.s.0.}<x..Y'...+...(..R....N.R...I...7L...W...C.b./.z.d..X..Y.,B._...4?......q...5 ....6.. ,,..sJ.!b..m.."`...*.o1....*M;..4.5......+K1.z a.`b...&......".V.peE...NS..P8....m0....F:.r]IC:.#.t3+H..x...m.....<....4..v+.......B{.q............$.............M.$Z_2...]..s.9.Np.....2...j..%Ow...a.WS..-.....<>..p..<....~..31D.`z_.p....Rs..k.+v..XA.w.b.....<?OF.3...1.9v.......I{?$.2z. vDQzY.=...g....5u.M.I.).5..mE...p|...{e.T).l.........Z..!P.=z7...9<C.$4@..G.o?...3.>..Ro..._VY........u.n...Z.......z..{.....,..X..}.Y
                                        C:\Users\user\Downloads\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\Favorites\Amazon.url
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):645
                                        Entropy (8bit):7.6164360098127775
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A8ECC7517EB68D81A533CF8028D5BBEB
                                        SHA1:227457383F1CA126253ED5D7B979D32131BB3A7F
                                        SHA-256:00A787B3FD2138DB8ADC8B37C70C38F5170AED428BDB00E7087A768700EB05D9
                                        SHA-512:F320AE839D90EA31C5F5D69DD8785F2FE2AEE0085C516EE64ACEEF1204F7CBC4BEF6FDAC79737EB92F7E5E99BED288443513B299F50C5DB4DCAD8449AE15A5B1
                                        Malicious:false
                                        Preview: ..Bw.....%..&?..*.6.L09..)....Ys./....%.2....&...../]f.......X.E......r.].(..U.lZd.Q.../..(.31....^\.d.....:.N_.%.M..MlQ.'..l!.}..H....*.7.'pmL.8.Y..........w...~R(.{4.d...[...w..]z..p......`;....?.M.y...ed.7...4...c....!..ov.^...<|! K....|.F.......Mp.)..t".z....."w_/..Ft.C...T9...2=./9..<Qgo>.M/...8!g....,..2....t?3.J....A..r.D....9.z...]r..gfL......M-U.i5v........|...2I.In;......ey.{.....0.......8%.B,.d...".c.....W&.P.....v<.....g`....0.e...H.pM+....p.i.q.|.l..N.D.s.K...............$.o..........s...*..a&.x.W....i.G......#...;.Uf{..G.....(I..../..<:.<.n?...&..Ho..@.....y,:,a]...o4.Ub....K.-k...w.S.
                                        C:\Users\user\Favorites\Bing.url
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):742
                                        Entropy (8bit):7.6735363240225265
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:30611E501CD4EFF86C33F22C7027D9FB
                                        SHA1:88D1C97766961DDC1324AC53272058B9117CE499
                                        SHA-256:DA95B2C58FF9311A45C47E3FB87666714C16EF6764CBC739FE68323473FE37FC
                                        SHA-512:0D172189D9907CD849D6E202509ECB1ECC21839D2279E73C1A3D6C3B14A82CEC984156AD0E5CEB4B10A2C23922DFFDC5515B40A539909874B3CCA2B7DDE98ED3
                                        Malicious:false
                                        Preview: .).+....j.j....b..g:W...3...Q._..>..O>....$.]\:.S.R...(i....z=.C.|...L.< xV..K....":......XC..C.@..ah..w.x. ..{.y.,|..?r.M........8.z7...,.dS.j.-V...WBr+L.S*F.{.......,...!.:.R.T2.0.!.Z.a.........n........(y..KH...........<..u>...Oz...z...^..3.Nnj=-L...@.+......`..<o..._........<U..Ob.....6......oa:.q...........b.........c. n....ll.......V.7d...........8%....LW...R..+o.C.f..g.B.v&..f.r6....c.M.A...N>.M@1.h..../.....*4v..R.cYfC.T?..lNWr...SC.9...dm.. .....e.K.........FZ....Q............$.........6...]...2{o.%...<#m.`....KFV.s.......K2n0...m.....8.4&.}..o'#..|O..Y.y.I...US../.M...N....!q.y.Z#.{n.e.Oh......Qs..@..[.YF..u..X.x.N)..Y.>.6...gZ.8._........S.{YP....%.....[.x......Y...6.,`~X..N`..D.
                                        C:\Users\user\Favorites\Facebook.url
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):647
                                        Entropy (8bit):7.635075742209043
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5074FA753254096EDAEEF6989301A9A6
                                        SHA1:EDF2525C8209046CBA2162D984DFAE65D5DB5C81
                                        SHA-256:143D776249FB7CF73CB190195EE35E36AE634FD6E711CA7C07CEA1F2979765D0
                                        SHA-512:75CCE9FCEC8C432C032388F6CDBE2ECC7E0C29495854D0C5B05F4D57F35207D372A639A2AFFE6C3783378055AD1238A8132A2FC3E35649D1C0A8560722399682
                                        Malicious:false
                                        Preview: .%t.*....t.nR-..,L."..E.ys...''+_.N.q\\.t......$./.Y.&R..l..^{.h..#'..PAn....t..4\J..2.....a.._v>m.1._.(K..&.S...0...C.(...<.1.......`s........{.%u.. ......%S.^.p..fr@"...........b..".h.....~Wl.?P.....L.B..f./,#W....".9.....i{.J...h...WE....q.#1O~oX..O .q%!Q&..........1..H.=R......uh.9~d..?D.O.....tv.A....z..:...[.\.q..!...qb..9?...($.n.yEPK...{.......*...E.<....m..;..R...^68......(y......C....am...&).a...E..PeH.E.8.x;.B.c...B..E-.. ?\..ZGQ.......h..7F>g......Pi+../6...]~..U....U............$.q.......I.[...&G...D.0 ,z.L.-..>f...l.....2)w....[..u...#2....`.'..q....o.D....&.F..2..Q_.<...E......?..ET.g1.S..9
                                        C:\Users\user\Favorites\Google.url
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):645
                                        Entropy (8bit):7.607738636861448
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D77DD4EBEAC2F70DDDEE1CD1A3278815
                                        SHA1:F6215E717BA2162434855FF412F4D8F1385A1F16
                                        SHA-256:22B30852835B2283E7D6A361974C1CAC9688B595017A5E2A665953CBF9AEDF47
                                        SHA-512:F7FFA3862815B30A19DF28C7297839B157AFFDAAFD06852EF042D721ED3EEACFF4BE30A909463E2B25FD7D5F401BB4ADFE774315921D40B3E141580974DCBCDF
                                        Malicious:false
                                        Preview: ...}...|..\..g5.V~^....,.%..<.1........q.f.:a9...E.d..1..FJ...&,.e..O..?......#.@..[q..MZg..o'Vr...R.E_.. Ax....!......sx........F......\..HE(Z...c..........G8......M........,..R*...~#.&..;.d.3..vm9I...d..`..^W..3.G...F....wT...i.&.F..s.b..'.4..I....u.~..7.Z.7...@F.D.."....<p..<.......~.* .7I...r....&.^.y.. 6.J..%Ke........rH....u..qw...@........5.2&.+....e........t............{R.)/\.y..p......-......sZ....jB..>r.*6.T.x.<....w.&.Hq1m#7.)I.O@;77...$L..v\...R!.h....).....R....#.M..3N/............$.o........H.zT."..O.1[-..|...{..do......~Mk(....J...c.b.u~I...D@.\.H4.k.;.+...m....VEi...r.=... ..3z:..Z9...tfiQ..
                                        C:\Users\user\Favorites\Live.url
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):643
                                        Entropy (8bit):7.600094294094516
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:44567C17E70A79990A8791EE70CE786A
                                        SHA1:7A6CF77CFFBD29653CCC00C34140C57097DD980E
                                        SHA-256:5AB119F08D010351B3CA54202D137ADE329047C91B56814ECF8264B66B0C0BCF
                                        SHA-512:6D824EE81AF873F9467A5462B45CDD977344C47D8736416D4CD54A0D0E03C33AD1B76F2EADE036B105A400AF5A15BF3D1BEB7D3C847DC7955527A55C566927A5
                                        Malicious:false
                                        Preview: C..D1.1.>`Jshz<...?.2..l_E.?.Dv9.J.s...G<.........L.. ...........^...+5...Ms..q:g..Os...*/.6..1.mn .<..8...j.......m......a..W...$.R.9..o.O2./.u.d.........{l.....Z...;...7....sx.!K.s.Z.Uzc.....V3$..8..(.8....Uv.Y.....^Y.../..."..5.nq!.HT.."j)9.F......Z7.a...Z&.o.......F_.*t...O....7^...J.r>L..Y....f.+.O.(..[...S.~.(MZ.k*.H...!.Uk.^....p.2.dW...09..8.-Az.J.X._.!.....{1.0.3....D..1...+.J..%.k....7^...crW.].....(]W..B.c....U..6,,m......H...z.M..........r.?...e?+..f...hF...CwY^..D..................$.m.........k4J..H9Ce.9..9....\..:y.-...&x....=.......n......|.w.8.........e..2%b..._.......?X.%.&.,W.iB..O.c....
                                        C:\Users\user\Favorites\NYTimes.url
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):646
                                        Entropy (8bit):7.599538911286612
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:64D0A09633443600FA42412540E2CD0C
                                        SHA1:CE89B83B1D5642BED267F8E210BA5DFECC057CCC
                                        SHA-256:1A6FF29B7D3DB15A54265A5867292CD2390993D197F97D28F921EF1FCFED3433
                                        SHA-512:C99E69A6A560FC355AFD5F9DF19D8D4F9264E57E35E0B294E4660239428A972928A08D81D0CECFCD5982613B2AC77EE823E97DEA699C1433611A3D4FBD661D35
                                        Malicious:false
                                        Preview: '+...I.X.....z.mY+..5.+.. .W...U... _..!A...b...u.5.y.Y(.C.L[..DQ4.6/.$r.rb.e..v.b..K.Y..S7+.B............V..pR.^t.0od.[.bP..T.*Ij.^...N...*~S ...#.g.....8...0.`.o(.>t}..)..bC..V.-..!..D....#.t&.-Q|\e.9.8..Q.....-....-.|.K@..S....v.a..-%E..Nyx.x..U..F.2{.......Q.Y...".. G>B?z.Zr..6#.!..f...!........;..zWa({.\^...5:..%>..N.....#.5...mj..x.o./.-...].6...${...A.evV1t`.f...J...8..?h.M.P..?.:O ...R.p..S.Z..%.K..66.....<....K...\.j._%...@.....fa.6f`...U2....c.F*.C.<.....0.......!.s9...............$.p........o.W........$>E.2}...........{........!.2W.Yv.8P..O..y..s..vmW.>..G...t......W...=._...[......j..a(-...f..#y..
                                        C:\Users\user\Favorites\Reddit.url
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):645
                                        Entropy (8bit):7.631410144420355
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F1B5093CDD4E3105CDB6B98A8927FB5C
                                        SHA1:C116D9BB03FE81D93164D78E51C4B0EBB297E395
                                        SHA-256:4C45C31221D54EAABEA52B7F35FFB02315FFAC6EC674DDB627A92FEB4C46675F
                                        SHA-512:2935C5F4748FAAFB464EAAB0996D8A3AA004E6A8327AC6A129FD37652FC7EED34FF879DAC12FFAC76B1132AA909B7CBF0B167ED1F66E91DABA9ED8A6D3BF833D
                                        Malicious:false
                                        Preview: .."....Sw.o.gM...rp.3...''.%?..`..@-...5.#....J..n..{-l...a..n.....<......4N..S..).H..$S.@.w%.....F......s..Q.7..4.wA..N.+N..h.m.(....n....3....Q...dIFl.......Uv.Tx.........7`E.!.nv.!Q..C2...-..k..&4.....X..c..B16....j..=Y...4. ...9X6.. .[.p9...x$..t..$.\@...%....X....T.t.:....6:..#._.{W_[#\.r.8D.].~.&..a.....Xe.v:....*..2L........A.@...).8.9..K.f^`s....#)V...6.Z...+.rb...;.xp.[.....\h....).....$.6F\.-....R...<00.I./6....Xg..|=?5..x..3..=.H........I...J....d../......... ...9............$.o..........87.>ro50..k...^D..#"..q...J..l$..q.,}.P#......y......3V....m..../.T..[.-..l.i"..Q..../Wb.>...4..j..?hm.!.
                                        C:\Users\user\Favorites\Twitter.url
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):646
                                        Entropy (8bit):7.580394146537726
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:238B1C68B714369D816B7528A4C4DD24
                                        SHA1:DEA880DAFB05D6F2A4E6187DE869FD567A49D906
                                        SHA-256:6293389C3F30FD0BB561C3F71C47667ED4F6C5835B10FE851355FE240B4DC589
                                        SHA-512:3B3743E05912531AEC004EC44C6443835EC6F1A3D59F91F797CF85FDA04CC3D5CE6B77234E5EBE0D922B16013A4A941217D2250DCB395CBF760023F9680B705F
                                        Malicious:false
                                        Preview: .......n..l.4.X.g.*`.i...RJ.d..S...+..D^.e#.A.m[....b..P...-..-...PCq..Dq.*.....2.8...'Z.S....k..!...B.5.h.......q....j38gA.#..nd.`....!.?/...b.....h.s.9f(..A.F.&6e..h.D.X..U^]d......6.5T..?Ek....(.{.H....6...R..R..vJ...Z.O1.9V...-.G.R.?.f....U.*p:.../..G..e..s....7.n2:N<..........-.+..mF.B..W*^...R..C.G../7...4.....v..M.......w.......,...L.]...R..D..iw.5.....B.[e..:.^..6.8..-....h.d....=.=..@...dfb.pmY....N.&p..?..y.,.oZUK5..U...y...<A.Z......Ze...l..o..._.....>>+...Bn+....y..v.?..L............$.p.......Q.d.XD.qv.m.n.2.X5|Ls.t(.(.....m..$9,....J.&...2...g..,...\."....z....6.x..OD......Q..$...'Z.....Q.,0.R-..L
                                        C:\Users\user\Favorites\Wikipedia.url
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):648
                                        Entropy (8bit):7.647493158737309
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1EEE584BDCD6EB44E7B311C014E9E0D1
                                        SHA1:8A671870E9B518995B803272E4E70C35FE540E41
                                        SHA-256:5DAACC960B2900572AA344E6BD69BE59181418432F61F4F2A29F426FEED00AC5
                                        SHA-512:A988DD7D6C3702B2A05F5AE58F11619A380FEE1F483CDC76A5CEB400F323592FBB5AABE9FC1919B5091917569C94E6A2C4F174EF4220F636D48F03005D454C73
                                        Malicious:false
                                        Preview: }=kE.L..U...kR'.r....B Y.......5....y.G.6M..Hewu......5c5.@....3E.W....@CH)...T.1P.8:..pHc.{.F3-...... .=.7...0......o..Zl..\c..N..*X..tQ..F.9.CJ..Vw...'.S....ZyO.%...O..U...|..d....;Y.yy..%..2s.@../4<.....v.x.....:.-V..x....:..QY....~.j8.)..c.Cu.b...R.1....j.`..).) ....=..<....a......=vH.u../.H._.ds..0.&..K{...?.R.(.qpF[..R#.=.y.%...w....`_"..Pq..\a...Ig,......z.....h..k.[...8."....ye.......~-.y.T.F...=~`...'L.0.~..S......-.i..<..E]..>..G........uK...Pk.tc.D.i...s...$"(V.._......++............$.r.......MCM$hE..fj.R.......M..w..6....h.I...D.gk.@WH.....S.....~nL.....z.m8V=+.7....../..R....&.Y.k...D>W..Fz.....
                                        C:\Users\user\Favorites\Youtube.url
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):646
                                        Entropy (8bit):7.604570777768185
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D05824820B3E4122E4AB10CB232AB4BC
                                        SHA1:3413A10E8F160A8A4022F3F91F66462887A56730
                                        SHA-256:F74BE2D1C5FD541B8D2D15AEA611254B2F5C27E9E2E4EC0351E952C3321303F6
                                        SHA-512:D346F363A98AEC584EE292A9F5F7F8F3E7E8D3DB3C207B72B8052B744E491DE12D4789ABEABF8737CCEAD43704DA8BCF2732B33B851740B0F6450CD99F510D14
                                        Malicious:false
                                        Preview: .....8y.........p.......^...r4..s.3...e..l7$.0...K?....n..Q...o......_:.jF..o....u^.t#>..9..j.][......g).U.\.......dm..,m.|...k)......-......K........{E..'.L.Z&"....;.D.....S..[..X..u.p..... F.....}....h...!....Y....{......h|...............S.DC.0..H.x.$Yx....F....u.j.4..X......q}..4..ln.H...(..)....Y....F.k..i....R...o..D...}Va..... .~....B !.j.r<....%O..8.........YH.][..I..B..^.....H........\\8d.......m.I...C.....2.o....Ry.>..."(.Cz.'.D<......Y....n.........?.f.oh..W.Lo..w#.5.,.%;............$.p............Z.kI..C...U.m...R.3."M.>.%>....%.'jh.p.)>.5...w.nc~...Y........}j..T...X.........H*..MA.Me<...{.z..n ..
                                        C:\Users\user\Favorites\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):936
                                        Entropy (8bit):7.797690939068785
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2E80B2D0AF083903ED27B4B14D873346
                                        SHA1:781ED9AD2BC874347587833FD0C1000D8B9FD871
                                        SHA-256:450C8D3A859E8D15C04772F3565F469B25070DB991B7B65197C59F15E4F03FBF
                                        SHA-512:4C534B60A2B5F6A041301D2DA523E7C4EDA38EC2C8B40B1A33CFF068C10B4AC102E1947590F8ADB26569AE985943E16242BB73C6A4F61672973D44B0FF4DDE3F
                                        Malicious:false
                                        Preview: S.......\...A~".B.v.B......y....jV.......T.M.AT...M.........z..I.1.%H7c...k...o+i.^..'...n.)..T..;l.4._._..7........0..Z....$ .~.[q.-Og..-.<D....Gz...p.eq.*.u#.......).s.......}.......#-.d(..:sv.fs.X.&.}..kt..UU.....}.3....*._...N.8*......i5i3...~.=Z...;.N2..7.2....^.y.q..{....V _.a....>7l.%....[.........q.(..L...^...4Q.ea....:.gN..y...`..&ztW..V.7...pp.Yb..9.`..!....%.ca>..f,.2?)o#!=..e.;.V...w#.W....i.9f..4|..H.R......F.+g.....%.G....I.v.j.z.BR..B..g..6<.F...c./N/-.!..Q...$4..}.b............$.........-n}...zT.2S...).V9b...-..5..vJk.K|.:SU...k.`.Q.?:.........9|>.......O+;~7..7}M..!...x.HS.^.Y..5D...*......B.H..j8\.xR..T..E..".]72.....p.....r.y...G..A..sN.f].......Rd.."..6.w4.mc...e%`..)....WvI....jM.E........=._U.5...iD..q...|../.4..\......h.F.T...WS..K....1..]:..d..........=.O.....).........f..<X:c.A8.i.J4f...Bg2+....b.n..Nr*k..=.T%KN...cHn{....s."DJs(n@..._.?.Y%......
                                        C:\Users\user\Favorites\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\Links\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1038
                                        Entropy (8bit):7.807294610040402
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6B7558270FF9655BC7257AEB379A7CE2
                                        SHA1:D17E858200A18F8BB8F03328F723D81816A3BA7D
                                        SHA-256:039A5FF5E53EAB8A708051B7A85FE3DB314400BA7A5E1F4228E657E26BF173A4
                                        SHA-512:9D9FEEA0C0B3906FDD8DBCBBE2AA4E53DCAC225F5D77C9CA8F1C9D542DB2977C2E661916313A217D73526969B7E7B8CAAFBF6268E2524A28318E72D1F8AD316A
                                        Malicious:false
                                        Preview: ?.P...!.~$(..x.D.+S.....N.%4y.K...N..8.."+...d.,s...V......i.k.u,.?g....f....;.@.....j.u6P.............3.y."......].9..(j..W.z>&5...e...V}...ri.F.......(V...."^.n..L:~....*a.c....<..>V.=.Q."...6.J...Nf.N..(.I5....u:....a.../h..?.....u...k...h2.......d..4...B.......?... ....S....]Twj......JW\...H0./.s...@)......x...3.........:.!&.H.L. ,<....<*{.........x.y'..A.(z.S..Y....g6.3..H...h.e'..&...f...<b.m.IGO..[...Z...@s....C..2..W..e.."..g..zR. c.....J1...R..@X...?oN^NC...8k....nr.zP.O............$.........5}.f.~......b.l6N[......w6.)D:...l..{....D-.....'...JlUz..p/._...?.......H.._......a.2.....i./.]....XO...+... .g..."..M..@..%Z..."]..2..$.hq/3....Hn...m&8kw.{j..%.0...............~...M,&...7..e...J.ER...V.+.E.t.........0.D.7.....l#.2p&.}..L.^.0...P.7..F...o.".O........&YsGFb{.F..cm.d..X.QU...L....Gt..@&C(...l......j...O....h...M..,+......).).F..vp...L".=.S.n...j....~7XG.D.....L..]\SfI......e..R.a...)..,...4._i.%.G"..f.@....e...f....{M.i...s
                                        C:\Users\user\Links\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\Music\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1038
                                        Entropy (8bit):7.780584036994221
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5B931DF6C081EEC51EEFB0E351E06622
                                        SHA1:AE228E788E4DD975936D7E5806A60E002825DB07
                                        SHA-256:CF5C877CF887D864A941A3A89ADD9C25E6E6E0657EA0F3AEA81B3F108A73DA21
                                        SHA-512:F4F22C539FE47B14FD72DDC288FD073BA8905C61F270D16EC49792DEE1C56F7681CADE78445FEC577E862ECE0FF1BD7ABC51B7BC1001CC180B297F467539F731
                                        Malicious:false
                                        Preview: .`p....g.;."..&!.]....7<..J.....l[.v7...S......U.$......s.q....5....j?#..[./4.@.ZQ.6p...Xw.(.S..Q.......D...w..|_...:...V./...;...f.&Y..v.'.d.X.t.c {_..rN.....!..!........4F4....".Mu4......Za.......h....eH.A._.......)...w........X/,VtRf-.t.+.H..M..3|t$.MOg..5.e8.SI.Y#j.Ub.<.T...]n......6.M.$....u.J8..v..;hY..0'.]/Z.{.."....j... |4.-!1....P Y#.P........9d..dG..`.....u.H..w<L.G..)-a..V"MU=}!~.!..$+.C..I'......Q.\.,..W..|"...U.#[...<.F*r..V4v.d.|$..x|1.y...j..Y..._M.~..}2./...j....b...............$..........}%-:#@.#x.!-.p.{.....!.V....V.fG..\a...1....W$...6*.'s..js}.t}~.+`.%..j`.d"..'..3bR7u..Dm..|..V.k...ar.......>......'YWb........J=r........P#}..5.0V~o .x50..!ZP...-D.. a....C@.+..eK.%e.I5....vv.>(..T....D.64....W......0!J.....V%e....M....-rC...7J.....S...J.L.c;.h.J.R r.\.........(..7z..R...;t........'.n..(.h....h4....B.Fd.I..s..*../........%..`G+.8.VZa.B.-.Q.,..4?h....^...=B6N...#...M.B.:..Qk..#.v.>...<.bM...C9W.....g... ....Wi..E.0....."...
                                        C:\Users\user\Music\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\OneDrive\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\Pictures\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1038
                                        Entropy (8bit):7.7616018258013675
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F62EF6258AAF02686976851BAE38638A
                                        SHA1:6F4B9131E860405CCE7341E4A4F603F86C90851E
                                        SHA-256:16EFED8C493B7240F0B8AC7F640740ADD64FDE2EDB7B556AAAD82AEA98438637
                                        SHA-512:5E2086227540883EC168B25FDD6984A5E377AC47D0B190A0363E7D3350EFC4FFB4D755199D4730D903B600A12BB6960F18E4697E3389F8E7FEB470CE752C0E9C
                                        Malicious:false
                                        Preview: .."...MW...R...a....JSL0Ps....k!..I.c"...lx..=.k.Y..e.?.~.0?.8...E..g..V.`...=o..%0.........Q'...."....#.^F.z.i=.a..=j......i.wU......W..c.0v.k$.R.D..{jw|.~...hN.R..nv.M6*.......x.H..)}@z7!......C;z.5e8...A..[.h....T........p.#7...PZ".....{Z..H...=N..R..E...up..Z.e.l+..V.^..V,O.4f.4]....j.u...Ur.O...g{.j..1).T9(...H...A..r._.eUa._.E~[F,<......s..'..2.!2..7]?.....M63s.3\.....% .......aNA.'$......M..`..{O;..s. ..iq..Z#....a.....P......).{.r<'S5_._..}-zm..j"..h..kH....-.....k...+F*.....n._DY............$.........7_.a..3......YTw.?...?...5..G.hv......tb]1..]5......c.v.......!h.d.N...n.|E.w.......z.+.B6:.......|..1=k#..|}...W}..\...x,.m......8..f.1..`.U..kYV........d.M.;.)X......W..}kT..D@m.E1...`.A..]..2.....c. S.`.Z..SL.0-...Y6U*....E.'H.k.MC........H.)...s.t]i..a....FOX\..O.Z....X...*..(....":R..Ovf...............02...%...".;.b.9..o.\..\....J....Prw>......LmK..."~"}...w...+.l...&...M+s8.(.....@..ao.a.._1.6C..c)x.Ad.#..wd.+..............3q..w.
                                        C:\Users\user\Pictures\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\Recent\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\Saved Games\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):816
                                        Entropy (8bit):7.757593817301372
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:24286EC9124886D535CB3674037DF0B1
                                        SHA1:F9D8DE369459EE630D70FC667A7BF57F990EE779
                                        SHA-256:04E47AA36D71048018BD034A85BFD0C45EE93F84485AF64C3683A8D3C3AD21E0
                                        SHA-512:EC7FA687CFB53B4AD6C35FDC15E8701AC2FD31887382631A82737DF191C7D9C5844898353756514949E9930DBDF7489C9C08C37809FA372BE6CBE9325796C0DE
                                        Malicious:false
                                        Preview: z.1...R..k.s........m...{......B|.D*7..V...l...............i.=..d./.>b.)........ !....esv~..aR......h..x..#9...% Ck...-.....1..."..,<K..2.M.%L...%.;g2d...\...z...i.. n.......Rm...K^z.....$la.j_..I..._..........5.._....U...vG.[.B.*...R...i.u....rE./Yz...a...c...:.W+...*.lL.ml.I.a1..d.eR..#....J.K$ j...v.3._....c..~*...5.iC.V....V.........../L.........{..<..hk'.LO...)..hqy._oj.{a.\k......k...~.:?.1.f.}...p)..d4..30...S. >..0...x...0..tv..:*.X..a.wC3T.,....!....N|.....|.....`..c.%l.'............$..........N...5O..HX/....s..h...G.....~....#{|...v..@f.^..8J......L.z..J...7&d.={.9...>@Vh..&PW?h.w..1....{yG[....7Wx....E..HN....36..#.....ZMY.....z.E.u.t.q..$J/K.?.." .2d.w4..I..N........S....{6'.r..6.M.I........3^.(.d"|...V..<..1......A.M...f.eU..)3m........'V..F...jD..S
                                        C:\Users\user\Saved Games\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\Searches\Everywhere.search-ms
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):782
                                        Entropy (8bit):7.708201097791134
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C780D71A843A8B4CD359BBE963BC2C7A
                                        SHA1:5440E5D0607845901AE26835BC003212ABC4C9F9
                                        SHA-256:28782F3256448D54DAB39595B82A3897C34F89FF375DD3605C7A0C2F7333B7ED
                                        SHA-512:01F8813FE1018A9399DE9FA80B38BEA9B13E7B3CA35DB1C0FDE158E13D789F4749F28970892C220A0F8F51549DFB95D3BAB03DE62601F8D2AA7179EB273FBB84
                                        Malicious:false
                                        Preview: s..K.m!i\.K..q.C.E...,0..(..j.=B...F.8....|i%.....h...d......r.........4......=....i&..^.$L.\K...e....es..Q.6..X~.O...2.Jjj.3..`..D.`.....#_'kPn..\.$...rU...........^.`@.#Qem/.}..a!..E..g...{,...u.....h.`..?@.V.R...63&4..(..`........y=..w.n......+&.X..8.....U|..%k-rBH.t.p.U..i.R.Y..UZ..eP...rQ.#...y.PD.bM.:..'.|S~d.../.K..c....X...8..,.]..T.;c....-.b..prE...&).8..,!..!.....%VMV...]kO.j....6|.n9N}NOc.c...HC."....l.}.J.*.5j3......^.4.............u*..Q8`..x..A.H3.`..Q"u.a"E.....<..f.f............$...........*#.....`.w.^.V....O.WJ6B.qz..gJ3m.qy...J.w.5..;.1..t.|......*M.}..r.?.S....4.oVP.Q.ik.F%Lca.I_.q.W..r.hK*/.d..:8G..l........K9....Z.....gQ`.R...==..5_.O'Q./.....%*0:6@-.i.\..e........(K.a ~'.;...>....u...{..5.y.Z.o$.~.UQ@...z.`w.....!...
                                        C:\Users\user\Searches\Indexed Locations.search-ms
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):782
                                        Entropy (8bit):7.646502478971261
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2651BFD2F8B02CFC485FAA59DD5F8A0D
                                        SHA1:D7AB8954B2D2F0B4DAADF4E52CFE59B9E633E492
                                        SHA-256:EB76F4F42AB09B705A58F17AC660B13ED5F276C8486B472DA85CABEA2BE854B4
                                        SHA-512:95993F3F6F9D97911EC7D8114EC8ABBA676D67574E8F8517536E67D8FA5EB8F8469B298C35CB2B1CCC9F03B3E4D230B4E7E847E12EEB45638D84C65A21F06E63
                                        Malicious:false
                                        Preview: ..R....F.A.....3....u.._6...{.....mT.e...Y...-../-....w..h..=H...4...sXSE^.@...!..*.6.;...x!.d.t....1K.aS..g.6h.0.~..=$....4.a.l..=..Q.FY..'.....3.....`....,..d).M.......xKx1\.Q.7.i.s.f....s......X.@.b+Sta|E....taEK.d.......?.U]...,6...n..D.xx;p.ku..%?..y.&g-l..0.5.~....;U..,...(~b.....y.......W8."Jp.t.].q.!....][..-..&..(.^..rxm|.s.b.t.A,C.....V...oa.Y.T..p....M...`.RR5.P.M.............../.5.&...!...r..@....0.Ib.=.s.`?4.d.......a.......S.`....X..jd],....%.c.^9}T.g.....3n..~M...^.............$.........?Gb!..':....rs.w]..'v...q.E5.s......Oz-...h.h\.j...........y.R.......b.........~...+...u....i[]......^.....\..d...4...oK.)I..]..R....S.u<.bR...eo.ZM.\...].. EK.Jx.!.jk.....F...-..Ll.....i...'.k$.T.1s..k..d..9..;W..SVDr..).7.a.1.5.C7..
                                        C:\Users\user\Searches\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1058
                                        Entropy (8bit):7.772306616151837
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:908D874DF43B2A1DE7A84DE255D64463
                                        SHA1:F087E0C4F335A52C5DB4950106D05423F0CDD188
                                        SHA-256:0799BE2A65FB8C95CF3C1359C4C1FF416A2139DB030EA5D57241CBC48A314959
                                        SHA-512:BC522814E9FC34C492D183B13FEC458CAA6BFE0F35938CB4D16DAE9BAD7BF56F1FB48D9717164269141BADD3A7DD2A2A05E908F6F7C0009E6BB87EF3484FD28C
                                        Malicious:false
                                        Preview: |...9.....[gy....L.n..d.....H..`.>w.......j+..E^26h.....'..MDqx..}...P.......m..N..;&.$~...*.H...ds..~...[.7kM.[.6...w.\..h.....u|.....P./.!c...z..N.*..io..o-.l..u.....h......).L.Ory).@.m...*C;/!P.4....Ro(..B7...>x.'m..[.....Q.2.j..>'....uj....;+a..~......M.-(:.7..)..H].k.....%.~<.N..Z.=G..iD....$...F..5E....c(s...?*k......'...f...!*<G3...b?.J..F....2G..*@<?Tq........R.!..-..t.F.Wj/.l.P....=..A.w..#.f...Q..E_G.K..".J...4a..i.....6AAz.+........C.K.H.....['...D...c.lm...h._o}.............$............4c0}.....T(k.B.}...b?...X.F...C.....)z...]..[.4.....D../.....x.,I..|!..B.7..Zh...Acn....cR'F..b....;#...M.....R...../3..E.~7s......se.-..^.n./..B....4s!.U......*.Q..C..\.~.G....gC....y.].....A......O.:.uz....kRx.N.6cA.y.]&5>U.S.h.....W.!.../.....%\.L.}`.....pg......F.,......O.........+[>......0..R8ap{.....f".b..1..y8..9.IV&. .w!.......3...^.#i.&.....z.ZbE..k....0...T.'.Q.{...:..*......Q.........G{].;c...iR.....Y.q.%.."Q..#..8.....M.EC6mP.
                                        C:\Users\user\Searches\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\Videos\desktop.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1038
                                        Entropy (8bit):7.7854514757658855
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:93BFDFF554A58229B26F2F6C614BD688
                                        SHA1:6F6143ED15120C3E417758350CE420360BC8D913
                                        SHA-256:01D9EF9D0B6B2468F5F0B1A68F878F565B73804D2FC52C7D828900593DC7AD90
                                        SHA-512:8A0B435597B6746ED0C693148D9BD6B2DA0B7E6854DE55A7E2E3B35D3F4B159745F9D52DDDE3E5D71754606BF0146CA24C4F6214B1C767A84A0F6CBDEF2AC487
                                        Malicious:false
                                        Preview: .).>.TCO./O.B.D.;............L...-.:..El{^..N.w. ...cT..pM..{%x.i..;I......\7...+....^..`.....ua.f`.J.0.^...A.E.....r../[....c)`......"..>...mr>.;..*b....p.PE.3g:.N.WK/..a...y.Ktk.LQ..[.....4...E.......o<8jpQ.(.D!F..WA.m.x.kH..L4./......\.eY..|.*....L....?.,.)..w~u_..yQ.b].T.a..i#.C......P^Y...f.....v..+.S.i...k[...=8...'...\.s..%.Q.9?Y.)./......3\2I..H@..0......v.=^V..$..C.....iW..,......_...!.,....|..HM.S.0...C.A`o:.v_.......4dZ.....xD.....8ZZ.w...9.....9....v.....d..]Y.....l.(............$.........YY7...?...X..........?o.....m..,.........73S.[j...3.,b..}w-..._b.9.......v..4R....^.P....4.!..Q...G..!}.....;...$<l.... ...:.b.....>}..C..C}..[...,d..%.>>.....\2d..C.-.bd.P=.6..v+..G.t3)..cf.zV.f.......=.,..yE,9.....#.&II.._.F..=.0.....].....=R.o.{F...._m"V..gu6.....Q6.y,!..U.+e...Cm..I.wF.....X.Q..........*...:!..kx.Q..k....}.&I...t.4!......\.u...J...j.........|....E./...OL....]}*aP.z......;.x.X..a..\.....$z.B...d.E~..s10. ..x.......Z}..D
                                        C:\Users\user\Videos\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\user\ntuser.ini
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):554
                                        Entropy (8bit):7.523579183840701
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0DA84F205D9CB60193FD6E3A5FE2851B
                                        SHA1:CC7EC253931002C2F5461ABF8286DB700847813A
                                        SHA-256:460D712E14759B145B7B0C2ED70FB33F0EE87B11DCBE3F838CB956EB81A149A6
                                        SHA-512:64BBCEBAF60D2753AE250D0BA712783952ECFC0799C4C077C97044773E4E9A3E6134F9CB0BE02FB49DFB895D6B81B33424100A1975EE3955C372C4ED9DF6726B
                                        Malicious:false
                                        Preview: Y.=i`JwZ..3...v..e...CA`...E.......}.D......9o8W,Y>.r..o....C.<\Pw#.l..=<?Ww/=..V..DB..........j.&./....!...a;.....E.3g..F..,..6J..........8B..+..zv.d(..L...........=z...Q.......jV.cA.d@y..:.9.5Xa..#X7..B..#...h..R..!E.:.B.\G.y.7.c.]....1a.].:..y.w.^..oBHw....,oD?ci..%..v....24..T%y....*w..P...&...N...]...Z.....X&.Z.+..19w.....P....lz........'XX1:7..`Hz..XXMu....,...M(.D.U....t>`Z.Ai..........f#.*.y...*.R..8. .{.\(.[..................{...\.....r....2.....4..?M..ni=.!..q,...................$.........P..I...J.6.#....}_..
                                        C:\Users\user\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\Users\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---
                                        C:\bootTel.dat
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):614
                                        Entropy (8bit):7.584635255608956
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:17B98558E03758CED842AA551D28B119
                                        SHA1:629271ED2F1B8FF016F6C97A9DA507B255FD2780
                                        SHA-256:7C111796EDE55CDE1E1542E76658096005BF4E6F708F864F886793C7F20FD2D4
                                        SHA-512:2E704C5750914F3B67E21FB0FDFBFF8F0541217AE8594F45B33F218DDEFE07950E7B6A4E81AC36A0CD70AAFF9307E8FAD9789AAD9263BC4BBCC2604712400A53
                                        Malicious:false
                                        Preview: _'to........Q.....g.#....Z.L}...8[.`.7...'.:.L....b.X....:..o...@\`.m..%..S...N..y.G2.;r..L.7.Y 8../Y.j.t.^&..k.d.......C.....!...|..)K....PUBh.pg.I.K..0[..%... .v..t.o&.z...a..[.6v..|s.J.g.t-.."../.I..S[..,<".}......n..{....R.\...X6.(...AS\.....A.E8...&.*V...,.....&.Z"[..<1b.K...hq,W.F..'._.V.......K...sc.......oh.3....n..$E}.s_.......z..sY(...|.........7..2;.k.{n....=.....>.W....!.?...4....M.0c.....E@x.B.....zD.......R..mV.....I.I...b.#.>ZQ../...Ff?..+..._...|...W..@...J.................$.P.............e^.[.e1.:......So...Ga..0..U..=..?.....8...6v...f..}..4-.%..+XP....X!
                                        C:\readme.txt
                                        Process:C:\Windows\SysWOW64\regsvr32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):932
                                        Entropy (8bit):5.048814780226345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F4A87DDAD44083E27007E968B48AC3C0
                                        SHA1:5C06E217E1749C1A94FD9B5551ED6247BEBCB236
                                        SHA-256:0F2AC426052E2A1D07DE50AE1334A83C8E93A8C54A94B59D0597636AA4559ACC
                                        SHA-512:B929ADA034FA9C4098D288033E769064E23EF4617C46C6A403D66C0CD937149739223EBF7119075D22DBF005CBD28FF846B37B23622C3AE509A6FD77E5A21B95
                                        Malicious:false
                                        Preview: All of your files are currently encrypted...Backups were encrypted or deleted, same as Shadow Copies.....If you try to use any additional recovery software - the files might be damaged, but if you are still willing to try - try it on the data of the lowest value.....To make sure that we REALLY CAN recover all of the encryptd data - we offer you to decrypt 2 random files of your choice completely free of charge.....The faster you reply - the easier and cheaper it will be...To receive information on the price of the recovery software you can contact our team directly for further instructions through our website :....TOR VERSION :..(you should download and install TOR browser first https://torproject.org)....http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/....HTTPS VERSION :..https://contirecovery.best......---BEGIN ID---..L0ePQQNHK1IgN1qtZd03oQv1pzmr0QchyxH8DOAfvYBRkobWfmZ859aXYitWkPQD..---END ID---

                                        Static File Info

                                        General

                                        File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Entropy (8bit):6.432529957773359
                                        TrID:
                                        • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                        • Generic Win/DOS Executable (2004/3) 0.20%
                                        • DOS Executable Generic (2002/1) 0.20%
                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                        File name:eLN6jfk9iT.dll
                                        File size:195072
                                        MD5:8e952d2186e946cfa1122595c17f4c7d
                                        SHA1:6f42c15c43497b79ce5e0ebb61bb68a8649d9bd7
                                        SHA256:a5751a46768149c5ddf318fd75afc66b3db28a5b76254ee0d6ae27b21712e266
                                        SHA512:1f33aba6a34401f0aa26553312782e71644aeb99bab4841906eaa1318387d99f3676bdd221b4431990faf54db8887458a43ade5ff9334e36cc39f3c94b9d0b95
                                        SSDEEP:3072:oiyQ0uz/c8p7Ua3ZstuiSNFYD7RMf+HgrIqra5FqTbK+WRivbrwi:mQ0uzz3OAiSNFYvRXHjTFj+TEi
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........j.Y...Y...Y...<...S...<.......<...K...<...X.......V.......K.......F...<...^...Y...........W.......X.......X.......X...RichY..

                                        File Icon

                                        Icon Hash:74f0e4ecccdce0e4

                                        Static PE Info

                                        General

                                        Entrypoint:0x1001c862
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x10000000
                                        Subsystem:windows gui
                                        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                                        Time Stamp:0x601C1968 [Thu Feb 4 15:57:28 2021 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:6
                                        OS Version Minor:0
                                        File Version Major:6
                                        File Version Minor:0
                                        Subsystem Version Major:6
                                        Subsystem Version Minor:0
                                        Import Hash:bef752859e3faeb3590ad643f6ed8e9c

                                        Entrypoint Preview

                                        Instruction
                                        push ebp
                                        mov ebp, esp
                                        cmp dword ptr [ebp+0Ch], 01h
                                        jne 00007F7B5C9154E7h
                                        call 00007F7B5C91590Eh
                                        push dword ptr [ebp+10h]
                                        push dword ptr [ebp+0Ch]
                                        push dword ptr [ebp+08h]
                                        call 00007F7B5C915398h
                                        add esp, 0Ch
                                        pop ebp
                                        retn 000Ch
                                        push ebp
                                        mov ebp, esp
                                        test byte ptr [ebp+08h], 00000001h
                                        push esi
                                        mov esi, ecx
                                        mov dword ptr [esi], 100281D4h
                                        je 00007F7B5C9154ECh
                                        push 0000000Ch
                                        push esi
                                        call 00007F7B5C914E17h
                                        pop ecx
                                        pop ecx
                                        mov eax, esi
                                        pop esi
                                        pop ebp
                                        retn 0004h
                                        push ebp
                                        mov ebp, esp
                                        push esi
                                        push dword ptr [ebp+08h]
                                        mov esi, ecx
                                        call 00007F7B5C914AA2h
                                        mov dword ptr [esi], 100281DCh
                                        mov eax, esi
                                        pop esi
                                        pop ebp
                                        retn 0004h
                                        and dword ptr [ecx+04h], 00000000h
                                        mov eax, ecx
                                        and dword ptr [ecx+08h], 00000000h
                                        mov dword ptr [ecx+04h], 100281E4h
                                        mov dword ptr [ecx], 100281DCh
                                        ret
                                        push ebp
                                        mov ebp, esp
                                        sub esp, 0Ch
                                        lea ecx, dword ptr [ebp-0Ch]
                                        call 00007F7B5C914A57h
                                        push 1002D190h
                                        lea eax, dword ptr [ebp-0Ch]
                                        push eax
                                        call 00007F7B5C9159F3h
                                        int3
                                        push ebp
                                        mov ebp, esp
                                        sub esp, 0Ch
                                        lea ecx, dword ptr [ebp-0Ch]
                                        call 00007F7B5C9154A2h
                                        push 1002D2BCh
                                        lea eax, dword ptr [ebp-0Ch]
                                        push eax
                                        call 00007F7B5C9159D6h
                                        int3
                                        jmp 00007F7B5C91714Ah
                                        push ebp
                                        mov ebp, esp
                                        and dword ptr [1003049Ch], 00000000h
                                        sub esp, 24h
                                        push ebx
                                        xor ebx, ebx

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x2d6600x7c.rdata
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x2d6dc0x50.rdata
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x310000x1e0.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x320000x1160.reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x2cc100x38.rdata
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x2cc480x40.rdata
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x280000x12c.rdata
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x10000x2609d0x26200False0.455443135246data6.51071742215IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                        .rdata0x280000x5d7e0x5e00False0.418384308511data5.00764298763IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .data0x2e0000x2c480x2200False0.240119485294data2.72081099392IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                        .rsrc0x310000x1e00x200False0.529296875data4.724728912IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc0x320000x11600x1200False0.776475694444GLS_BINARY_LSB_FIRST6.42605548151IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                        Resources

                                        NameRVASizeTypeLanguageCountry
                                        RT_MANIFEST0x310600x17dXML 1.0 document textEnglishUnited States

                                        Imports

                                        DLLImport
                                        KERNEL32.dllCloseHandle, GetLocalTime, lstrlenW, FreeLibraryAndExitThread, CreateThread, lstrcpyW, WriteConsoleW, CreateFileW, SetFilePointerEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RaiseException, InterlockedFlushSList, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, RtlUnwind, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapAlloc, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStdHandle, GetFileType, LCMapStringW, GetProcessHeap, GetStringTypeW, HeapSize, HeapReAlloc, SetStdHandle, FlushFileBuffers, WriteFile, GetConsoleCP, GetConsoleMode, DecodePointer
                                        USER32.dllwsprintfW
                                        WS2_32.dllWSAGetLastError, htons

                                        Exports

                                        NameOrdinalAddress
                                        DllInstall20x10018b40
                                        DllRegisterServer10x10018b90
                                        EntryPoint30x10018bb0

                                        Possible Origin

                                        Language of compilation systemCountry where language is spokenMap
                                        EnglishUnited States

                                        Network Behavior

                                        Network Port Distribution

                                        TCP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Feb 17, 2021 05:45:47.519188881 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:47.519236088 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:47.519375086 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:47.519397974 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:47.520349979 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:47.520436049 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.065546036 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.077378988 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.107116938 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.116174936 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.116801977 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.116863012 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.116898060 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.116930008 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.118364096 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.118398905 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.118432045 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.118460894 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.120924950 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.131230116 CET4434970192.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.131712914 CET4434970192.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.131769896 CET4434970192.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.131812096 CET4434970192.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.131887913 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.131933928 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.131942034 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.133572102 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.148107052 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.160742998 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.161309004 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.161402941 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.161474943 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.161541939 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.161565065 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.161580086 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.161611080 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.161628962 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.161643028 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.161669016 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.161696911 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.161724091 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.163517952 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.163604975 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.171438932 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.172008991 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.172070980 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.172105074 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.172107935 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.172142982 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.172147036 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.172180891 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.172183037 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.172218084 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.172239065 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.184124947 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.184581995 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.184624910 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.184649944 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.184689045 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.186312914 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.186378956 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.186412096 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.186471939 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.188375950 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.188443899 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.201785088 CET4434970192.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.202140093 CET4434970192.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.202231884 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.202251911 CET4434970192.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.202321053 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.790190935 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.799169064 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.813055992 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.824748039 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.833458900 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.843597889 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.844590902 CET4434970192.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.844636917 CET4434970192.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.844712973 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.844765902 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.845887899 CET4434970192.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.845968962 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.845982075 CET4434970192.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.846059084 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.848207951 CET4434970192.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.848253012 CET4434970192.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.848354101 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.850548029 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.850603104 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.850620031 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.850658894 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.850780964 CET4434970192.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.850878000 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.852279902 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.852336884 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.852355003 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.852404118 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.853657007 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.853717089 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.853735924 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.853801012 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.855963945 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.856020927 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.856046915 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.856103897 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.864350080 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.864517927 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.864722967 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.864795923 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.865549088 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.865619898 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.865637064 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.865734100 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.867774010 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.867835045 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.867870092 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.867893934 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.869973898 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.870042086 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.878552914 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.879158020 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.879232883 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.879303932 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.879350901 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.881059885 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.881191015 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.887473106 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.887833118 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.887952089 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.887984037 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.887986898 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.888030052 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.888034105 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.888037920 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.888092995 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.890338898 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.890444994 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.890446901 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.890508890 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.892816067 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.892921925 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.892925024 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.892992020 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.894395113 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.895128965 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.895210028 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.895355940 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.895437002 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.895519972 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.895559072 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.895589113 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.895613909 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.895705938 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.895745039 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.895801067 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.895833969 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.897413969 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.897495985 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.897542000 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.897641897 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.897737980 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.897825003 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.897917986 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.898027897 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.899482012 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.899559021 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.899606943 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.899666071 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.900285959 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.900366068 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.900374889 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.900496960 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.901832104 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.901912928 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.901998997 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.902148962 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.902713060 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.902800083 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.903141022 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.903243065 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.904119968 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.904159069 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.904196978 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.904227018 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.905215979 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.905253887 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.905301094 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.905327082 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.906280041 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.906388998 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.906492949 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.906568050 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.907577038 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.907672882 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.907759905 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.907834053 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.908672094 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.908720016 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.908749104 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.908775091 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.910016060 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.910069942 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.910092115 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.910124063 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.910779953 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.910860062 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.910903931 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.910959005 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.912498951 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.912594080 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.912986994 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.913055897 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.913075924 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.913132906 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.915334940 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.915358067 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.915399075 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.915419102 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.917597055 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.917665005 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.946264029 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.946360111 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.946377039 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.946424007 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.947213888 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.947298050 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.947406054 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.947454929 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.949493885 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.949537039 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.949568033 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.949584007 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.951893091 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.951946020 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.951977015 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.951997995 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.954082966 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.954125881 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.954155922 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.954186916 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.956209898 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.956250906 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.956280947 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.956295013 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.958549023 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.958595037 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.958626986 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.958642006 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.960706949 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.960736990 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.960777998 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.960798979 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.963072062 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.963104010 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.963143110 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.963170052 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.965359926 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.965409040 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.965434074 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.965457916 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.967581034 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.967611074 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.967633963 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.967654943 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.969846964 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.969888926 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.969918966 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.969954014 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.972196102 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.972268105 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.972349882 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.972397089 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.974508047 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.974548101 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.974567890 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.976022005 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.976608992 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.976651907 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.976669073 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.976699114 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.978859901 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.978916883 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.978929996 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.978965044 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.981062889 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.981091976 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.981132030 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.981158972 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.983252048 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.983288050 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.983300924 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.983338118 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.985557079 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.985585928 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.985610008 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.985631943 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.987838984 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.987868071 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.987901926 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.987921000 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.989995956 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.990037918 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.990063906 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.990086079 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.997205019 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.997270107 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.997301102 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.997325897 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.998012066 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.998080969 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:48.998091936 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:48.998148918 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.256865978 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.267441988 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.307990074 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.308239937 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.308360100 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.308422089 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.308511972 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.308661938 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.308703899 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.308748960 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.308794022 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.309444904 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.309528112 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.309545994 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.309619904 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.310374022 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.310415983 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.310460091 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.310503960 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.311171055 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.311254978 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.311284065 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.311358929 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.311965942 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.312072039 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.312124968 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.312215090 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.312752962 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.312794924 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.312843084 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.313616991 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.313667059 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.313694954 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.313724995 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.313790083 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.314435959 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.314512968 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.314529896 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.314584017 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.315265894 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.315323114 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.315350056 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.315418959 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.316076994 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.316150904 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.316203117 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.316260099 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.317014933 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.317048073 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.317109108 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.317126989 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.321372986 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.321810961 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.321851969 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.321934938 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.323834896 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.323873997 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.323947906 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.325078011 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.325177908 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.325494051 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.326139927 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.326208115 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.326229095 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.326267004 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.328553915 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.328608036 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.328644991 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.328671932 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.330951929 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.330993891 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.331039906 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.331063986 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.334310055 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.334628105 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.334675074 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.334733009 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.334764004 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.335673094 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.335714102 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.335756063 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.335788012 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.338077068 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.338119030 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.338171005 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.340470076 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.340514898 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.340537071 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.340563059 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.340575933 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.343018055 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.343106985 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.343111992 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.343221903 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.345438957 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.345489025 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.345520973 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.345556974 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.349730015 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.349773884 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.349823952 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.349852085 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.350006104 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.350049973 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.350075960 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.350121021 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.350351095 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.352564096 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.352607012 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.352647066 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.352670908 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.354805946 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.354890108 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.377104044 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.377151966 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.377204895 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.377239943 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.377404928 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.377469063 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.377481937 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.377522945 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.378282070 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.378324986 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.378345013 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.378374100 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.379062891 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.379097939 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.379129887 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.379148006 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.389513016 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.389581919 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.389669895 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.389718056 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.390537977 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.390605927 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.401422024 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.401468039 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.401485920 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.401525974 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.401561975 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.402554035 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.402616024 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.402718067 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.404777050 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.404850006 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.455813885 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.455858946 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.455948114 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.456091881 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.456783056 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.456898928 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.667951107 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.722309113 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.722362041 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.722559929 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.723716974 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.723849058 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.723854065 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.723932028 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.725684881 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.725756884 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.725759983 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.725887060 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.728229046 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.728300095 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.728321075 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.728384972 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.730968952 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.731035948 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.731035948 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.731093884 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.732868910 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.732933044 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.732943058 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.732995987 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.735241890 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.735311985 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.735315084 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.735392094 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.737565994 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.737628937 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.737637997 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.737692118 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.740005016 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.740066051 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.911446095 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.925148964 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.935000896 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.947669983 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.965847015 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.965905905 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.966010094 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.966098070 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.966814995 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.966865063 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.966883898 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.966912985 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.970103025 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.970135927 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.970176935 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.970202923 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.976072073 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.976124048 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.976165056 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.976195097 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.977128029 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.977183104 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.977293015 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.977341890 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.979445934 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.979507923 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.979609966 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.979677916 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.981669903 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.981715918 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.981758118 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.981800079 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.981822968 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.983833075 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.983874083 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.983906031 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.983937025 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.986063004 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.986134052 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.986140013 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.986196041 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.986221075 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.986238956 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.986267090 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.986293077 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.986656904 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.986697912 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.986731052 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.987664938 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.987723112 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.987755060 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.987827063 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.987889051 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.988595963 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.988637924 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.988670111 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.988677025 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.988707066 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.988711119 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.988739967 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.988754034 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.989057064 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.989098072 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.989132881 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.989161015 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.989984035 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.990025043 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.990070105 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.990098000 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.990927935 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.990969896 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.990994930 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.991020918 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.991693020 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.991734028 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.991765022 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.991792917 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.992352009 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.992393970 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.992419958 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.992446899 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.993223906 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.993267059 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.993290901 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.993318081 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.994378090 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.994421005 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.994455099 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.994482040 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.994882107 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.994920969 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.994950056 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.994976997 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.995031118 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.995693922 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.995735884 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.995765924 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.995795012 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.996629000 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.996670961 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.996722937 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.996748924 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.997380018 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.997446060 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.997473001 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.997500896 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.998172045 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.998241901 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.998280048 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.998341084 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.999002934 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.999061108 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:49.999068022 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:49.999116898 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.001635075 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.001674891 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.001702070 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.001738071 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.001748085 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.001801014 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.001802921 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.001846075 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.001862049 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.001883984 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.001908064 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.001924992 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.001934052 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.001962900 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.002036095 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.002079010 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.002182961 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.002223969 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.002249002 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.002281904 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.003021002 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.003062010 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.003103971 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.003133059 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.003428936 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.003473997 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.003490925 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.003529072 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.004201889 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.004270077 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.004313946 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.004375935 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.004766941 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.004805088 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.004828930 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.004857063 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.005039930 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.005084038 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.005115032 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.005141973 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.005650997 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.005693913 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.005718946 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.005745888 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.006448984 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.006498098 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.006515980 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.006573915 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.007409096 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.007451057 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.007488966 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.007493019 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.007512093 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.007527113 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.007544041 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.007592916 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.008049965 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.008100986 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.008110046 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.008162975 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.009243011 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.009291887 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.009303093 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.009336948 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.009354115 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.009376049 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.009398937 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.009432077 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.009996891 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.010036945 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.010062933 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.010106087 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.010647058 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.010685921 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.010704041 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.010740995 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.011295080 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.011333942 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.011357069 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.011382103 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.011409044 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.011450052 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.011464119 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.011514902 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.012341976 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.012386084 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.012403965 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.012439966 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.012928963 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.012978077 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.012985945 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.013036966 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.013294935 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.013334036 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.013355017 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.013380051 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.013789892 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.013833046 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.013854027 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.013890028 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.014672995 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.014731884 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.014803886 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.014864922 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.015578032 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.015620947 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.015640974 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.015659094 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.015672922 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.015688896 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.015718937 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.015741110 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.016778946 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.016844988 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.017157078 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.017216921 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.018335104 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.018384933 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.018409014 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.018426895 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.018436909 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.018465996 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.018482924 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.018528938 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.018835068 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.018877029 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.018894911 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.018923044 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.020049095 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.020117998 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.036142111 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.036201000 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.036348104 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.036389112 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.045932055 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.045977116 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.046010971 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.046041965 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.046958923 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.047004938 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.047049046 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.047080994 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.049634933 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.049676895 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.049705982 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.049735069 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.051775932 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.051815987 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.051845074 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.051868916 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.054030895 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.054101944 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.359172106 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.395246029 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.404320955 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.410633087 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.410684109 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.410788059 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.411673069 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.411735058 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.411745071 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.411767006 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.411818027 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.413964987 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.414050102 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.414062023 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.414128065 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.416160107 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.416202068 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.416256905 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.416281939 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.418371916 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.418452024 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.418477058 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.418541908 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.420752048 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.420809031 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.420839071 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.420859098 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.422943115 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.422991991 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.423019886 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.423028946 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.423051119 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.425187111 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.425241947 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.425275087 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.425306082 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.427536964 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.427584887 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.427628040 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.427661896 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.427773952 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.429543972 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.429598093 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.429624081 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.429642916 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.431824923 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.431886911 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.431900024 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.431956053 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.434083939 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.434150934 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.434159040 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.434212923 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.436302900 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.436367989 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.436399937 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.436455965 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.438666105 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.438724995 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.438751936 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.438776970 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.440783978 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.440855026 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.440890074 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.440948009 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.443036079 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.443070889 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.443123102 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.443144083 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.445287943 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.445353985 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.445359945 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.445416927 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.447418928 CET4434970092.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.447479010 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.449743032 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.449794054 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.449866056 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.450891972 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.450944901 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.450959921 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.450962067 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.451018095 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.453277111 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.453326941 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.453377962 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.453397036 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.455646992 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.455734968 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.455754042 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.455775976 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.455817938 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.455828905 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.455873013 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.455940962 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.456347942 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.456414938 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.456594944 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.456657887 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.456872940 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.456943989 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.457010984 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.457065105 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.457690954 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.457761049 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.457818985 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.457881927 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.457890034 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.457928896 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.458017111 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.458065033 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.458463907 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.458527088 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.458533049 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.458583117 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.458904982 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.458971977 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.458978891 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.459038019 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.459640026 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.459680080 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.459707975 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.459728956 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.460453033 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.460534096 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.460582972 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.460640907 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.460832119 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.460961103 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.460966110 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.460983992 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.461039066 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.461070061 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.461091042 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.461146116 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.461801052 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.461868048 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.461875916 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.461942911 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.462613106 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.462677956 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.462682962 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.462728977 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.462735891 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.462783098 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.462812901 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.462861061 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.463217020 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.463279963 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.463290930 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.463346958 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.464011908 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.464080095 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.464087009 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.464133978 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.464698076 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.464761972 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.464816093 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.464864016 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.465217113 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.465281010 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.465282917 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.465337038 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.465367079 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.465404034 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.465420961 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.465445042 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.466053963 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.466119051 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.466125011 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.466182947 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.466857910 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.466921091 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.466931105 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.466978073 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.467412949 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.467470884 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.467480898 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.467533112 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.467566013 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.467622995 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.467669010 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.467721939 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.468157053 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.468230963 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.468276024 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.468327045 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.468974113 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.469038963 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.469050884 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.469094038 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.469575882 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.469643116 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.469775915 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.469829082 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.469839096 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.469894886 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.469934940 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.469990015 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.470340967 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.470413923 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.470415115 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.470465899 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.471056938 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.471126080 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.471142054 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.471206903 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.471822023 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.471878052 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.472014904 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.472070932 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.472258091 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.472321033 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.472325087 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.472381115 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.472403049 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.472455025 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.472515106 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.472564936 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.473093033 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.473160028 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.473226070 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.473280907 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.474236012 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.474262953 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.474296093 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.474317074 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.474580050 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.474634886 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.474778891 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.474842072 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.474859953 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.474925995 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.474944115 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.474997997 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.475343943 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.475399971 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.475461960 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.475529909 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.476061106 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.476120949 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.476233959 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.476294041 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.476825953 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.476886034 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.476901054 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.476938963 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.476953030 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.476988077 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.477005959 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.477058887 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.477417946 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.477468014 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.477479935 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.477524996 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.477583885 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.477664948 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.477663040 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.477710962 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.478178978 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.478231907 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.478387117 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.478455067 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.478595972 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.478650093 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.478662014 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.478739023 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.478748083 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.478769064 CET4434969792.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.478806019 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.478807926 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.478831053 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.478862047 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.478923082 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.478972912 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.479324102 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.479377985 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.479418993 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.479465008 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.479470968 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.479521990 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.479587078 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.479636908 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.479702950 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.479767084 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.479789019 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.479837894 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.480232000 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.480278015 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.480289936 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.480333090 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.480986118 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.481013060 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.481036901 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.481060028 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.481708050 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.481735945 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.481761932 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.481791019 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.481854916 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.481882095 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.481908083 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.481926918 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.482023954 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.482083082 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.482156992 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.482208967 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.482433081 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.482484102 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.482501984 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.482549906 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.483361959 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.483391047 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.483423948 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.483445883 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.484067917 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.484133005 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.484236002 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.484276056 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.484308004 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.484374046 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.484380960 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.484401941 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.484431982 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.484450102 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.484457016 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.484535933 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.484553099 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.484586954 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.484603882 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.484638929 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.485235929 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.485266924 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.485299110 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.485320091 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.486048937 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.486109018 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.486114979 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.486156940 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.486190081 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.486217022 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.486241102 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.486265898 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.486335993 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.486433029 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.486443996 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.486491919 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.486675978 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.486722946 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.486751080 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.486803055 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.487401009 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.487466097 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.487478018 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.487509012 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.488114119 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.488179922 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.488207102 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.488285065 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.488312960 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.488382101 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.488409042 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.488491058 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.488698006 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.488795042 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.488818884 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.488825083 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.488867044 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.488874912 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.488897085 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.488954067 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.489460945 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.489530087 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.489542007 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.489605904 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.490299940 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.490326881 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.490358114 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.490387917 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.490437031 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.490464926 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.490500927 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.490519047 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.491199970 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.491249084 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.491265059 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.491319895 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.491333008 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.491405010 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.491427898 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.491478920 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.491698980 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.491745949 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.491823912 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.491878033 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.492275953 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.492331982 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.492355108 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.492423058 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.492496967 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.492558956 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.492590904 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.492641926 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.493026972 CET4434970292.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.493089914 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.493760109 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.493832111 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.493881941 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.493927002 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.494685888 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.494741917 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.494749069 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.494800091 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.496056080 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.496084929 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.496201038 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.496798038 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.496861935 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.496872902 CET4434970692.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.496943951 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.498279095 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.498307943 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.498409033 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.498455048 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.503470898 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.503597975 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.505152941 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.505208015 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.505275011 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.505322933 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.506865025 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.506901026 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.507019997 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.507066011 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.509596109 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.509675980 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.509680986 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.509735107 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.511668921 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.511739016 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.511885881 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.511945009 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.514482021 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.514525890 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.514550924 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.514575958 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.516638041 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.516685963 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.516767025 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.516812086 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.519068003 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.519176960 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.519190073 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.519239902 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.522128105 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.522157907 CET4434970392.122.145.220192.168.2.3
                                        Feb 17, 2021 05:45:50.522257090 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:50.522303104 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:51.498358965 CET49697443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:51.498553991 CET4969880192.168.2.393.184.220.29
                                        Feb 17, 2021 05:45:51.498620987 CET49701443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:51.498641014 CET49700443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:51.498665094 CET49702443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:51.498755932 CET49706443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:51.498755932 CET49703443192.168.2.392.122.145.220
                                        Feb 17, 2021 05:45:59.287488937 CET49984443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.288355112 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.334943056 CET44349984104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.335088968 CET49984443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.335122108 CET44349985104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.335263968 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.335968971 CET49984443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.336066961 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.382296085 CET44349984104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.382323980 CET44349985104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.382965088 CET44349984104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.383006096 CET44349984104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.383040905 CET49984443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.383090019 CET49984443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.383310080 CET44349985104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.383351088 CET44349985104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.383466005 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.383523941 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.392149925 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.392494917 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.392712116 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.394171000 CET49984443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.394517899 CET49984443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.438915968 CET44349985104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.438962936 CET44349985104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.439157963 CET44349985104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.439189911 CET44349985104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.439361095 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.439881086 CET44349985104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.439930916 CET44349984104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.439968109 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.439970016 CET44349984104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.440181971 CET44349984104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.440257072 CET49984443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.440263987 CET44349984104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.440329075 CET49984443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.440366983 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.440944910 CET49984443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.461203098 CET44349985104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.461249113 CET44349985104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.461318016 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.461379051 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:45:59.486114979 CET44349985104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:45:59.486568928 CET44349984104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:46:02.745902061 CET49999443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.746156931 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.746355057 CET50001443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.746531010 CET50002443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.746638060 CET50003443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.747869968 CET50004443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.788084030 CET44349999151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.788126945 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.788180113 CET44350001151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.788234949 CET49999443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.788297892 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.788429022 CET44350002151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.788492918 CET44350003151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.788505077 CET50001443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.788528919 CET50002443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.788681030 CET50003443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.789664984 CET44350004151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.789798021 CET50003443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.789845943 CET50004443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.790452957 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.790699959 CET49999443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.791253090 CET50004443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.794956923 CET50001443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.795504093 CET50002443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.832010984 CET44350003151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.832259893 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.832511902 CET44349999151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.832598925 CET44350003151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.832680941 CET44350003151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.832771063 CET50003443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.833049059 CET44350003151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.833093882 CET44350004151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.833132029 CET50003443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.833297014 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.833326101 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.833354950 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.833420992 CET44349999151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.833431005 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.833465099 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.833512068 CET44349999151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.833575010 CET49999443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.833590031 CET44349999151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.833730936 CET49999443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.834112883 CET44350004151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.834186077 CET50004443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.834203959 CET44350004151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.834247112 CET44350004151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.834254980 CET50004443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.834307909 CET50004443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.838344097 CET44350001151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.838362932 CET44350002151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.838402033 CET44350001151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.838423967 CET44350001151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.838459015 CET44350001151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.838485003 CET50001443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.838502884 CET50001443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.838512897 CET50001443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.839135885 CET44350002151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.839167118 CET44350002151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.839196920 CET44350002151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.839215994 CET50002443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.839261055 CET50002443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.839270115 CET50002443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.840114117 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.842719078 CET50003443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.847776890 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.848913908 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.848969936 CET50002443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.849005938 CET50003443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.849013090 CET49999443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.849325895 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.849646091 CET50004443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.849689007 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.849889040 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.850095034 CET50002443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.850131035 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.850169897 CET49999443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.850323915 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.850433111 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.850457907 CET50004443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.850583076 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.850661039 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.857398987 CET50001443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.857682943 CET50001443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.882330894 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.882464886 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.885055065 CET44350003151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.885361910 CET50003443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.891805887 CET44350003151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.891827106 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.891866922 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.891896009 CET50003443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.891905069 CET44350002151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.891932011 CET44349999151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.891954899 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.891973972 CET50002443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.891990900 CET49999443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.892081976 CET50003443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.892540932 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.892576933 CET44350002151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.892641068 CET50002443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.892956972 CET44350004151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893014908 CET50004443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893016100 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893048048 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893094063 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893132925 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893136978 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893153906 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893258095 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893357992 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893419981 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893454075 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893456936 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893484116 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893491983 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893517017 CET44350004151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893527031 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893542051 CET44349999151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893546104 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893560886 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893567085 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893570900 CET50004443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893603086 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893610954 CET49999443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893629074 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893637896 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893661022 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893670082 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893687963 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.893692970 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893728971 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.893801928 CET50004443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.894524097 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.894552946 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.894634008 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.895039082 CET50002443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.895539045 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.895647049 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.895667076 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.895730019 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.896312952 CET49999443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.896492004 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.896536112 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.896552086 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.896585941 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.897598028 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.897706985 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.897835016 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.897888899 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.898711920 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.898771048 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.898776054 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.898823977 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.900651932 CET44350001151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.900702000 CET44350001151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.900729895 CET50001443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.900762081 CET50001443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.900836945 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.900862932 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.900904894 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.900928020 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.901748896 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.901777983 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.901838064 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.902021885 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.902076960 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.902096987 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.902157068 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.904825926 CET50001443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.924571037 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.924634933 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.924743891 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.924782991 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.934129000 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.934317112 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.934462070 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.935105085 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.935235977 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.935544968 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.935612917 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.935739994 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.935797930 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.935828924 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.935883045 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.935908079 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.935965061 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.936034918 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.936084032 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.936089039 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.936140060 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.936145067 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.936197996 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.936700106 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.936763048 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.936846018 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.936908007 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.937747955 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.937820911 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.938011885 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.938858032 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.938930988 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.941009998 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.941097021 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.941586971 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.941673040 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.941715002 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.941772938 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.941797972 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.941838026 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.941844940 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.942249060 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.942307949 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.942384005 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.944391966 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.944463968 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.944955111 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.945028067 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.945852995 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.945883989 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.945930004 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.945947886 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.945966005 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.945985079 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.946010113 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.946026087 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.946070910 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.946079016 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.946130991 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.946986914 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.947033882 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.947065115 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.947082043 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.947802067 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.947863102 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.948144913 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.948205948 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.948863983 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.948955059 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.949050903 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.949107885 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.950002909 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.950033903 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.950082064 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.950108051 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.951086998 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.951174974 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.951179028 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.951226950 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.952167034 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.952228069 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.952236891 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.952292919 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.953238964 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.953362942 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.953380108 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.953433990 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.954394102 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.954499960 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.954505920 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.954569101 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.955523014 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.955585003 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.955614090 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.955653906 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.956639051 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.956684113 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.956744909 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.966567993 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.966645956 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.966674089 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.966722965 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.967430115 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.967544079 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.967614889 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.976239920 CET44350003151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.976357937 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.976423025 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.976629019 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.976685047 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.977051973 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.977109909 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.977219105 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.977895975 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.978113890 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.978173018 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.978317976 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.978384018 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.979182959 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.979245901 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.979322910 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.979382038 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.979867935 CET44349999151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.979907990 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.979959011 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.980000019 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.980022907 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.980643034 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.980685949 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.980777979 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.980906010 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.981687069 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.981729031 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.981795073 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.982613087 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.982655048 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.982718945 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.983223915 CET44350004151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.983444929 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.983791113 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.983866930 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.986172915 CET44350002151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.986211061 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.986254930 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.986284971 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.986285925 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.986324072 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.986329079 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.986340046 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.986362934 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.986417055 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.986422062 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.986466885 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.986473083 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.986525059 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.986536026 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.986587048 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.987579107 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.987612009 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.987643003 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.987667084 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.988723993 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.988966942 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.989047050 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.989655018 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.989721060 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.989746094 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.989803076 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.989897013 CET44350001151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.989984989 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.990092039 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.990163088 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.991276026 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.991312027 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.991379976 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.991987944 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.992029905 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.992062092 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.992101908 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.993050098 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.993084908 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.993125916 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.993159056 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.993891954 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.993916988 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.993990898 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.994645119 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.994712114 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.994735956 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.994791985 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.995532036 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.995598078 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.995713949 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.995773077 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.996370077 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.996433020 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.996450901 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.996506929 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.996525049 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.996582031 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.996601105 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.996659040 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.997164011 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.997240067 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.997308016 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.998079062 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.998100996 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.998146057 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.998168945 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:02.999047041 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:46:02.999124050 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:46:42.518011093 CET804968193.184.220.29192.168.2.3
                                        Feb 17, 2021 05:46:42.518147945 CET4968180192.168.2.393.184.220.29
                                        Feb 17, 2021 05:46:43.369899035 CET4968780192.168.2.384.53.167.113
                                        Feb 17, 2021 05:46:43.370071888 CET49686443192.168.2.32.17.179.193
                                        Feb 17, 2021 05:46:43.410849094 CET804968784.53.167.113192.168.2.3
                                        Feb 17, 2021 05:46:43.410891056 CET443496862.17.179.193192.168.2.3
                                        Feb 17, 2021 05:46:43.410917044 CET443496862.17.179.193192.168.2.3
                                        Feb 17, 2021 05:46:43.410991907 CET4968780192.168.2.384.53.167.113
                                        Feb 17, 2021 05:46:43.411039114 CET49686443192.168.2.32.17.179.193
                                        Feb 17, 2021 05:46:43.411120892 CET49686443192.168.2.32.17.179.193
                                        Feb 17, 2021 05:46:43.764427900 CET804969193.184.220.29192.168.2.3
                                        Feb 17, 2021 05:46:43.764735937 CET4969180192.168.2.393.184.220.29
                                        Feb 17, 2021 05:46:43.828289986 CET804968093.184.220.29192.168.2.3
                                        Feb 17, 2021 05:46:43.828460932 CET4968080192.168.2.393.184.220.29
                                        Feb 17, 2021 05:46:44.960671902 CET49694443192.168.2.323.218.209.198
                                        Feb 17, 2021 05:46:44.964180946 CET4969580192.168.2.393.184.220.29
                                        Feb 17, 2021 05:46:46.190630913 CET804969393.184.220.29192.168.2.3
                                        Feb 17, 2021 05:46:46.192951918 CET4969380192.168.2.393.184.220.29
                                        Feb 17, 2021 05:47:31.982085943 CET4968080192.168.2.393.184.220.29
                                        Feb 17, 2021 05:47:31.982120037 CET4968180192.168.2.393.184.220.29
                                        Feb 17, 2021 05:47:31.982155085 CET4969180192.168.2.393.184.220.29
                                        Feb 17, 2021 05:47:32.025338888 CET804968093.184.220.29192.168.2.3
                                        Feb 17, 2021 05:47:32.025402069 CET804968193.184.220.29192.168.2.3
                                        Feb 17, 2021 05:47:32.025496006 CET804969193.184.220.29192.168.2.3
                                        Feb 17, 2021 05:47:32.025515079 CET4968080192.168.2.393.184.220.29
                                        Feb 17, 2021 05:47:32.025527954 CET4968180192.168.2.393.184.220.29
                                        Feb 17, 2021 05:47:32.025640011 CET4969180192.168.2.393.184.220.29
                                        Feb 17, 2021 05:47:46.511837959 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.511921883 CET50003443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.511995077 CET50002443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.512080908 CET50004443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.512087107 CET49999443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.512989998 CET50001443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.514606953 CET49984443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:47:46.514627934 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:47:46.553972960 CET44350003151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:47:46.554003000 CET44350003151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:47:46.554035902 CET44349999151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:47:46.554076910 CET44349999151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:47:46.554102898 CET50003443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.554116011 CET50003443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.554214001 CET49999443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.554228067 CET49999443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.554327011 CET44350002151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:47:46.554353952 CET44350002151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:47:46.554415941 CET50002443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.554449081 CET50002443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.555243969 CET44350001151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:47:46.555272102 CET44350001151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:47:46.555327892 CET50001443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.555470943 CET50001443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.555495024 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:47:46.555563927 CET44350000151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:47:46.555614948 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.555658102 CET50000443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.556052923 CET44350004151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:47:46.556102037 CET44350004151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:47:46.556122065 CET50004443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.556178093 CET50004443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:47:46.560926914 CET44349984104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:47:46.561007023 CET49984443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:47:46.563751936 CET44349985104.20.185.68192.168.2.3
                                        Feb 17, 2021 05:47:46.564205885 CET49985443192.168.2.3104.20.185.68
                                        Feb 17, 2021 05:47:47.627840996 CET804969393.184.220.29192.168.2.3
                                        Feb 17, 2021 05:47:47.627929926 CET4969380192.168.2.393.184.220.29
                                        Feb 17, 2021 05:47:58.063843012 CET804969393.184.220.29192.168.2.3
                                        Feb 17, 2021 05:47:58.064641953 CET4969380192.168.2.393.184.220.29
                                        Feb 17, 2021 05:48:45.734297037 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.734332085 CET50043443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.734482050 CET50044443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.734499931 CET50045443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.776501894 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.776554108 CET44350043151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.776587009 CET44350044151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.776614904 CET44350045151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.776701927 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.776762009 CET50044443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.776772022 CET50043443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.777131081 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.777132034 CET50045443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.777169943 CET50043443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.783790112 CET50044443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.784040928 CET50045443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.818970919 CET44350043151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.818998098 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.819840908 CET44350043151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.819873095 CET44350043151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.819916964 CET44350043151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.819972038 CET50043443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.820020914 CET50043443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.820049047 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.820075989 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.820095062 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.820148945 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.820184946 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.824511051 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.824914932 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.825026035 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.825428963 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.825488091 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.825540066 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.825876951 CET44350044151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.825896978 CET44350045151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.826838017 CET44350044151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.826869965 CET44350044151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.826960087 CET50044443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.826963902 CET44350044151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.826992989 CET50044443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.827013969 CET44350045151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.827073097 CET44350045151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.827084064 CET50044443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.827117920 CET44350045151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.827132940 CET50045443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.827176094 CET50045443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.827183008 CET50045443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.829014063 CET50043443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.829186916 CET50043443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.830209970 CET50044443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.830499887 CET50044443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.831077099 CET50045443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.831218958 CET50045443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.866664886 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.866754055 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.866923094 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.866991997 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.867170095 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.867279053 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.867923021 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.867971897 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.868000984 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.868009090 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.868019104 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.868057966 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.868089914 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.868130922 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.868141890 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.868169069 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.868172884 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.868216991 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.868287086 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.868330956 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.868586063 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.868639946 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.868701935 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.868810892 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.868859053 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.869144917 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.869220018 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.869219065 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.870251894 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.870285988 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.870341063 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.870369911 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.870805979 CET44350043151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.870991945 CET44350043151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.871036053 CET44350043151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.871084929 CET50043443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.871124983 CET50043443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.871155024 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.871213913 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.871275902 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.872271061 CET44350044151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.872294903 CET44350044151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.872334003 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.872363091 CET50044443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.872401953 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.872414112 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.872468948 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.873202085 CET44350045151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.873279095 CET50045443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.873358011 CET44350045151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.873415947 CET50045443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.873456955 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.873517036 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.873656988 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.873712063 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.874438047 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.874495029 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.874577045 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.875219107 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.875633001 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.875705004 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.875710964 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.876796961 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.876826048 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.876869917 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.876908064 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.877799034 CET50043443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.877815008 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.877851009 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.877898932 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.877922058 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.879333973 CET50044443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.880388021 CET50045443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.908911943 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.908955097 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.908981085 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.909006119 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.909071922 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.909113884 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.909168005 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.909841061 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.910056114 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.910087109 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.910170078 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.910175085 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.910187960 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.910207987 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.910239935 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.910299063 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.910332918 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.910339117 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.910363913 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.910401106 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.910432100 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.910451889 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.911104918 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.911159039 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.911195040 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.911218882 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.912223101 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.912363052 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.912415981 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.912440062 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:45.954724073 CET44350042151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.960177898 CET44350043151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.966197968 CET44350044151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:45.968550920 CET44350045151.101.1.44192.168.2.3
                                        Feb 17, 2021 05:48:49.201174974 CET50042443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:49.201212883 CET50045443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:49.201244116 CET50043443192.168.2.3151.101.1.44
                                        Feb 17, 2021 05:48:49.201258898 CET50044443192.168.2.3151.101.1.44

                                        UDP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Feb 17, 2021 05:45:47.541949987 CET53575448.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:48.481106043 CET5598453192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:48.531096935 CET53559848.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:49.588815928 CET6418553192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:49.636148930 CET53641858.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:50.715537071 CET6511053192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:50.765811920 CET53651108.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:52.185293913 CET5836153192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:52.232585907 CET53583618.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:53.362740993 CET6349253192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:53.410371065 CET53634928.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:54.380789995 CET6083153192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:54.438883066 CET53608318.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:55.817166090 CET6010053192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:55.874710083 CET53601008.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:56.025535107 CET5319553192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:56.073156118 CET53531958.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:56.712110043 CET5014153192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:56.768460989 CET53501418.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:56.970551014 CET5302353192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:57.017852068 CET53530238.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:57.213406086 CET4956353192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:57.272927999 CET53495638.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:57.440412045 CET5135253192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:57.454693079 CET5934953192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:57.499188900 CET53513528.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:57.511405945 CET53593498.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:58.542819023 CET5708453192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:58.590374947 CET53570848.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:58.908437014 CET5882353192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:58.979271889 CET53588238.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:59.232383966 CET5756853192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:59.252619028 CET5054053192.168.2.38.8.8.8
                                        Feb 17, 2021 05:45:59.279655933 CET53575688.8.8.8192.168.2.3
                                        Feb 17, 2021 05:45:59.318367004 CET53505408.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:00.940016985 CET5436653192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:00.987302065 CET53543668.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:01.486640930 CET5303453192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:01.552354097 CET53530348.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:01.890166998 CET5776253192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:01.948724985 CET53577628.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:01.980561018 CET5543553192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:02.050000906 CET53554358.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:02.146986961 CET5071353192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:02.209464073 CET5613253192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:02.209763050 CET53507138.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:02.261200905 CET53561328.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:02.669281960 CET5898753192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:02.731290102 CET53589878.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:03.709189892 CET5657953192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:03.759819031 CET53565798.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:05.003809929 CET6063353192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:05.062232971 CET53606338.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:06.443084955 CET6129253192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:06.493060112 CET53612928.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:07.445044041 CET6361953192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:07.492120981 CET53636198.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:12.362082005 CET6493853192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:12.412106991 CET53649388.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:13.800477028 CET6194653192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:13.855803013 CET53619468.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:25.766757011 CET6491053192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:25.814070940 CET53649108.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:26.438172102 CET5212353192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:26.495898008 CET53521238.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:26.759809017 CET6491053192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:26.807313919 CET53649108.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:27.578583956 CET5212353192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:27.634253979 CET53521238.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:27.781807899 CET6491053192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:27.837501049 CET53649108.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:28.669243097 CET5212353192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:28.727163076 CET53521238.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:28.860745907 CET5613053192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:28.966942072 CET53561308.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:29.784501076 CET6491053192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:29.831716061 CET53649108.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:30.675081015 CET5212353192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:30.722124100 CET53521238.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:33.306988001 CET5633853192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:33.367753983 CET53563388.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:33.792097092 CET6491053192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:33.839242935 CET53649108.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:34.682352066 CET5212353192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:34.737924099 CET53521238.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:34.909024000 CET5942053192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:34.956288099 CET53594208.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:43.194884062 CET5878453192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:43.252846956 CET53587848.8.8.8192.168.2.3
                                        Feb 17, 2021 05:46:59.099205971 CET6397853192.168.2.38.8.8.8
                                        Feb 17, 2021 05:46:59.159260988 CET53639788.8.8.8192.168.2.3
                                        Feb 17, 2021 05:47:14.085201025 CET6293853192.168.2.38.8.8.8
                                        Feb 17, 2021 05:47:14.150624990 CET53629388.8.8.8192.168.2.3
                                        Feb 17, 2021 05:47:26.948766947 CET5570853192.168.2.38.8.8.8
                                        Feb 17, 2021 05:47:27.007167101 CET53557088.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:01.166320086 CET5680353192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:01.213680983 CET53568038.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:07.474417925 CET5714553192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:07.540091991 CET53571458.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:37.853167057 CET5535953192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:37.902290106 CET53553598.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:38.533632994 CET5830653192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:38.583875895 CET53583068.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:39.539634943 CET6412453192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:39.586735010 CET53641248.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:39.648612022 CET4936153192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:39.708003998 CET53493618.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:40.560039997 CET6315053192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:40.623595953 CET53631508.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:41.235548019 CET5327953192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:41.308352947 CET53532798.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:42.617455959 CET5688153192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:42.683634043 CET53568818.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:43.584796906 CET5364253192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:43.653537035 CET53536428.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:44.797336102 CET5566753192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:44.844213963 CET53556678.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:45.665018082 CET5483353192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:45.723470926 CET53548338.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:49.204150915 CET6247653192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:49.254118919 CET53624768.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:49.667378902 CET4970553192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:49.714549065 CET53497058.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:50.427206993 CET6147753192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:50.482770920 CET53614778.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:50.861413956 CET6163353192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:50.916824102 CET53616338.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:51.291542053 CET5594953192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:51.352195978 CET53559498.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:51.792088032 CET5760153192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:51.851913929 CET53576018.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:52.295753956 CET4934253192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:52.351242065 CET53493428.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:52.878613949 CET5625353192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:52.937202930 CET53562538.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:53.554934978 CET4966753192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:53.615221024 CET53496678.8.8.8192.168.2.3
                                        Feb 17, 2021 05:48:53.983577967 CET5543953192.168.2.38.8.8.8
                                        Feb 17, 2021 05:48:54.030638933 CET53554398.8.8.8192.168.2.3

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                        Feb 17, 2021 05:45:56.970551014 CET192.168.2.38.8.8.80x4da1Standard query (0)www.msn.comA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:45:58.908437014 CET192.168.2.38.8.8.80x8852Standard query (0)web.vortex.data.msn.comA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:45:59.232383966 CET192.168.2.38.8.8.80x131aStandard query (0)geolocation.onetrust.comA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:45:59.252619028 CET192.168.2.38.8.8.80xf69dStandard query (0)contextual.media.netA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:46:01.486640930 CET192.168.2.38.8.8.80xd7a0Standard query (0)hblg.media.netA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:46:01.890166998 CET192.168.2.38.8.8.80x2aaStandard query (0)srtb.msn.comA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:46:01.980561018 CET192.168.2.38.8.8.80xf225Standard query (0)lg3.media.netA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:46:02.146986961 CET192.168.2.38.8.8.80x42daStandard query (0)cvision.media.netA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:46:02.669281960 CET192.168.2.38.8.8.80x51bcStandard query (0)img.img-taboola.comA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:48:37.853167057 CET192.168.2.38.8.8.80x3e5Standard query (0)www.msn.comA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:48:38.533632994 CET192.168.2.38.8.8.80x2fd2Standard query (0)www.msn.comA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:48:40.560039997 CET192.168.2.38.8.8.80x7da4Standard query (0)web.vortex.data.msn.comA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:48:41.235548019 CET192.168.2.38.8.8.80x50f4Standard query (0)contextual.media.netA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:48:42.617455959 CET192.168.2.38.8.8.80x3b54Standard query (0)lg3.media.netA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:48:43.584796906 CET192.168.2.38.8.8.80x9305Standard query (0)hblg.media.netA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:48:44.797336102 CET192.168.2.38.8.8.80xc708Standard query (0)srtb.msn.comA (IP address)IN (0x0001)
                                        Feb 17, 2021 05:48:45.665018082 CET192.168.2.38.8.8.80x5ceStandard query (0)img.img-taboola.comA (IP address)IN (0x0001)

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                        Feb 17, 2021 05:45:57.017852068 CET8.8.8.8192.168.2.30x4da1No error (0)www.msn.comwww-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)
                                        Feb 17, 2021 05:45:58.979271889 CET8.8.8.8192.168.2.30x8852No error (0)web.vortex.data.msn.comweb.vortex.data.microsoft.comCNAME (Canonical name)IN (0x0001)
                                        Feb 17, 2021 05:45:59.279655933 CET8.8.8.8192.168.2.30x131aNo error (0)geolocation.onetrust.com104.20.185.68A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:45:59.279655933 CET8.8.8.8192.168.2.30x131aNo error (0)geolocation.onetrust.com104.20.184.68A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:45:59.318367004 CET8.8.8.8192.168.2.30xf69dNo error (0)contextual.media.net184.30.24.22A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:46:01.552354097 CET8.8.8.8192.168.2.30xd7a0No error (0)hblg.media.net184.30.24.22A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:46:01.948724985 CET8.8.8.8192.168.2.30x2aaNo error (0)srtb.msn.comwww.msn.comCNAME (Canonical name)IN (0x0001)
                                        Feb 17, 2021 05:46:01.948724985 CET8.8.8.8192.168.2.30x2aaNo error (0)www.msn.comwww-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)
                                        Feb 17, 2021 05:46:02.050000906 CET8.8.8.8192.168.2.30xf225No error (0)lg3.media.net184.30.24.22A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:46:02.209763050 CET8.8.8.8192.168.2.30x42daNo error (0)cvision.media.netcvision.media.net.edgekey.netCNAME (Canonical name)IN (0x0001)
                                        Feb 17, 2021 05:46:02.731290102 CET8.8.8.8192.168.2.30x51bcNo error (0)img.img-taboola.comtls13.taboola.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                        Feb 17, 2021 05:46:02.731290102 CET8.8.8.8192.168.2.30x51bcNo error (0)tls13.taboola.map.fastly.net151.101.1.44A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:46:02.731290102 CET8.8.8.8192.168.2.30x51bcNo error (0)tls13.taboola.map.fastly.net151.101.65.44A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:46:02.731290102 CET8.8.8.8192.168.2.30x51bcNo error (0)tls13.taboola.map.fastly.net151.101.129.44A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:46:02.731290102 CET8.8.8.8192.168.2.30x51bcNo error (0)tls13.taboola.map.fastly.net151.101.193.44A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:46:33.367753983 CET8.8.8.8192.168.2.30xdc95No error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                        Feb 17, 2021 05:48:37.902290106 CET8.8.8.8192.168.2.30x3e5No error (0)www.msn.comwww-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)
                                        Feb 17, 2021 05:48:38.583875895 CET8.8.8.8192.168.2.30x2fd2No error (0)www.msn.comwww-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)
                                        Feb 17, 2021 05:48:40.623595953 CET8.8.8.8192.168.2.30x7da4No error (0)web.vortex.data.msn.comweb.vortex.data.microsoft.comCNAME (Canonical name)IN (0x0001)
                                        Feb 17, 2021 05:48:41.308352947 CET8.8.8.8192.168.2.30x50f4No error (0)contextual.media.net184.30.24.22A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:48:42.683634043 CET8.8.8.8192.168.2.30x3b54No error (0)lg3.media.net184.30.24.22A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:48:43.653537035 CET8.8.8.8192.168.2.30x9305No error (0)hblg.media.net184.30.24.22A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:48:44.844213963 CET8.8.8.8192.168.2.30xc708No error (0)srtb.msn.comwww.msn.comCNAME (Canonical name)IN (0x0001)
                                        Feb 17, 2021 05:48:44.844213963 CET8.8.8.8192.168.2.30xc708No error (0)www.msn.comwww-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)
                                        Feb 17, 2021 05:48:45.723470926 CET8.8.8.8192.168.2.30x5ceNo error (0)img.img-taboola.comtls13.taboola.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                        Feb 17, 2021 05:48:45.723470926 CET8.8.8.8192.168.2.30x5ceNo error (0)tls13.taboola.map.fastly.net151.101.1.44A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:48:45.723470926 CET8.8.8.8192.168.2.30x5ceNo error (0)tls13.taboola.map.fastly.net151.101.65.44A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:48:45.723470926 CET8.8.8.8192.168.2.30x5ceNo error (0)tls13.taboola.map.fastly.net151.101.129.44A (IP address)IN (0x0001)
                                        Feb 17, 2021 05:48:45.723470926 CET8.8.8.8192.168.2.30x5ceNo error (0)tls13.taboola.map.fastly.net151.101.193.44A (IP address)IN (0x0001)

                                        HTTPS Packets

                                        TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                        Feb 17, 2021 05:45:59.383006096 CET104.20.185.68443192.168.2.349984CN=onetrust.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEFri Feb 12 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020Sat Feb 12 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                        CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025
                                        Feb 17, 2021 05:45:59.383351088 CET104.20.185.68443192.168.2.349985CN=onetrust.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEFri Feb 12 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020Sat Feb 12 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                        CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025
                                        Feb 17, 2021 05:46:02.833049059 CET151.101.1.44443192.168.2.350003CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USWed Nov 25 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020Mon Dec 27 00:59:59 CET 2021 Tue Sep 24 01:59:59 CEST 2030771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                        CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USThu Sep 24 02:00:00 CEST 2020Tue Sep 24 01:59:59 CEST 2030
                                        Feb 17, 2021 05:46:02.833354950 CET151.101.1.44443192.168.2.350000CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USWed Nov 25 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020Mon Dec 27 00:59:59 CET 2021 Tue Sep 24 01:59:59 CEST 2030771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                        CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USThu Sep 24 02:00:00 CEST 2020Tue Sep 24 01:59:59 CEST 2030
                                        Feb 17, 2021 05:46:02.833590031 CET151.101.1.44443192.168.2.349999CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USWed Nov 25 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020Mon Dec 27 00:59:59 CET 2021 Tue Sep 24 01:59:59 CEST 2030771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                        CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USThu Sep 24 02:00:00 CEST 2020Tue Sep 24 01:59:59 CEST 2030
                                        Feb 17, 2021 05:46:02.834247112 CET151.101.1.44443192.168.2.350004CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USWed Nov 25 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020Mon Dec 27 00:59:59 CET 2021 Tue Sep 24 01:59:59 CEST 2030771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                        CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USThu Sep 24 02:00:00 CEST 2020Tue Sep 24 01:59:59 CEST 2030
                                        Feb 17, 2021 05:46:02.838459015 CET151.101.1.44443192.168.2.350001CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USWed Nov 25 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020Mon Dec 27 00:59:59 CET 2021 Tue Sep 24 01:59:59 CEST 2030771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                        CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USThu Sep 24 02:00:00 CEST 2020Tue Sep 24 01:59:59 CEST 2030
                                        Feb 17, 2021 05:46:02.839196920 CET151.101.1.44443192.168.2.350002CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USWed Nov 25 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020Mon Dec 27 00:59:59 CET 2021 Tue Sep 24 01:59:59 CEST 2030771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                        CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USThu Sep 24 02:00:00 CEST 2020Tue Sep 24 01:59:59 CEST 2030
                                        Feb 17, 2021 05:48:45.819916964 CET151.101.1.44443192.168.2.350043CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USWed Nov 25 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020Mon Dec 27 00:59:59 CET 2021 Tue Sep 24 01:59:59 CEST 2030771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                        CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USThu Sep 24 02:00:00 CEST 2020Tue Sep 24 01:59:59 CEST 2030
                                        Feb 17, 2021 05:48:45.820095062 CET151.101.1.44443192.168.2.350042CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USWed Nov 25 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020Mon Dec 27 00:59:59 CET 2021 Tue Sep 24 01:59:59 CEST 2030771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                        CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USThu Sep 24 02:00:00 CEST 2020Tue Sep 24 01:59:59 CEST 2030
                                        Feb 17, 2021 05:48:45.826963902 CET151.101.1.44443192.168.2.350044CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USWed Nov 25 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020Mon Dec 27 00:59:59 CET 2021 Tue Sep 24 01:59:59 CEST 2030771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                        CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USThu Sep 24 02:00:00 CEST 2020Tue Sep 24 01:59:59 CEST 2030
                                        Feb 17, 2021 05:48:45.827117920 CET151.101.1.44443192.168.2.350045CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USWed Nov 25 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020Mon Dec 27 00:59:59 CET 2021 Tue Sep 24 01:59:59 CEST 2030771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                        CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=USCN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=USThu Sep 24 02:00:00 CEST 2020Tue Sep 24 01:59:59 CEST 2030

                                        Code Manipulations

                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        Analysis Process: loaddll32.exe PID: 4736 Parent PID: 5712

                                        General

                                        Start time:05:45:53
                                        Start date:17/02/2021
                                        Path:C:\Windows\System32\loaddll32.exe
                                        Wow64 process (32bit):true
                                        Commandline:loaddll32.exe 'C:\Users\user\Desktop\eLN6jfk9iT.dll'
                                        Imagebase:0x8d0000
                                        File size:121856 bytes
                                        MD5 hash:8081BC925DFC69D40463079233C90FA5
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:moderate

                                        Chronological Activities

                                        Analysis Process: regsvr32.exe PID: 912 Parent PID: 4736

                                        General

                                        Start time:05:45:53
                                        Start date:17/02/2021
                                        Path:C:\Windows\SysWOW64\regsvr32.exe
                                        Wow64 process (32bit):true
                                        Commandline:regsvr32.exe /i /s C:\Users\user\Desktop\eLN6jfk9iT.dll
                                        Imagebase:0x1c0000
                                        File size:20992 bytes
                                        MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 6116 Parent PID: 4736

                                        General

                                        Start time:05:45:54
                                        Start date:17/02/2021
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\system32\cmd.exe /c 'C:\Program Files\Internet Explorer\iexplore.exe'
                                        Imagebase:0xbd0000
                                        File size:232960 bytes
                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: iexplore.exe PID: 1364 Parent PID: 6116

                                        General

                                        Start time:05:45:54
                                        Start date:17/02/2021
                                        Path:C:\Program Files\internet explorer\iexplore.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Program Files\Internet Explorer\iexplore.exe
                                        Imagebase:0x7ff6d8ab0000
                                        File size:823560 bytes
                                        MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: iexplore.exe PID: 7072 Parent PID: 1364

                                        General

                                        Start time:05:45:55
                                        Start date:17/02/2021
                                        Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1364 CREDAT:17410 /prefetch:2
                                        Imagebase:0xcd0000
                                        File size:822536 bytes
                                        MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: iexplore.exe PID: 4772 Parent PID: 1364

                                        General

                                        Start time:05:48:36
                                        Start date:17/02/2021
                                        Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1364 CREDAT:82946 /prefetch:2
                                        Imagebase:0xcd0000
                                        File size:822536 bytes
                                        MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Disassembly

                                        Code Analysis

                                        Reset < >